Windows Analysis Report
Yoranis Setup.exe

Overview

General Information

Sample name: Yoranis Setup.exe
Analysis ID: 1584251
MD5: b3cbd672cb20b2112488d26a6b325e69
SHA1: c752f280a123a30177ba1e17d770bead2c0644a9
SHA256: 9bdec941d05ba0c0f365e2198600914d6001745cf554b8e6673d5045b7f6205d
Tags: exe, user-JaffaCakes118

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
AI detected suspicious sample
Drops large PE files
Excessive usage of taskkill to terminate processes
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • Yoranis Setup.exe (PID: 5816 cmdline: "C:\Users\user\Desktop\Yoranis Setup.exe" MD5: B3CBD672CB20B2112488D26A6B325E69)
    • cmd.exe (PID: 4908 cmdline: "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 2488 cmdline: tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • find.exe (PID: 4600 cmdline: "C:\Windows\system32\find.exe" "YoransSetup.exe" MD5: 15B158BC998EEF74CFDD27C44978AEA0)
  • YoransSetup.exe (PID: 5324 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" MD5: 19A61DB800E68F1BCB442D9B2531E6BC)
    • cmd.exe (PID: 3104 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6584 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • YoransSetup.exe (PID: 6836 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 19A61DB800E68F1BCB442D9B2531E6BC)
    • cmd.exe (PID: 7060 cmdline: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • curl.exe (PID: 1732 cmdline: curl http://api.ipify.org/ --ssl-no-revoke MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
    • cmd.exe (PID: 2792 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 5772 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • YoransSetup.exe (PID: 2688 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 19A61DB800E68F1BCB442D9B2531E6BC)
    • cmd.exe (PID: 4828 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 4432 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • find.exe (PID: 6488 cmdline: find /i "Speed" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
    • cmd.exe (PID: 6204 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 1856 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • cmd.exe (PID: 1712 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3104 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 2536 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 4432 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3608 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6956 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1432 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5844 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6400 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7224 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3104 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7320 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6204 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7840 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7180 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7788 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7240 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8000 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7280 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7944 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7328 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7920 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7352 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7864 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7360 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7852 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7368 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8100 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7388 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7968 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7396 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7952 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7504 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7976 cmdline: tasklist /FI "IMAGENAME eq msedge.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7568 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7896 cmdline: tasklist /FI "IMAGENAME eq chrome.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7576 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7984 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7592 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7936 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7616 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7888 cmdline: tasklist /FI "IMAGENAME eq firefox.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 6952 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7236 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2448 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5844 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6608 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7208 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7272 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8108 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3452 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7844 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6584 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8048 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7604 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6488 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2324 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8028 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8060 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7800 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7760 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7856 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7588 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7652 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8020 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7888 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3408 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7592 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7972 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7912 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8116 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7240 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • chrome.exe (PID: 8052 cmdline: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • cmd.exe (PID: 7268 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7436 cmdline: tasklist /FI "IMAGENAME eq msedge.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8036 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7780 cmdline: tasklist /FI "IMAGENAME eq chrome.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8100 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7608 cmdline: tasklist /FI "IMAGENAME eq firefox.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7408 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 5816 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 6204 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7220 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • dllhost.exe (PID: 2448 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
    • msedge.exe (PID: 5436 cmdline: "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 6940 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2112 --field-trial-handle=1984,i,3389205332898887649,4173586543709646972,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • backgroundTaskHost.exe (PID: 7396 cmdline: "C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider MD5: DA7063B17DBB8BBB3015351016868006)
    • cmd.exe (PID: 8136 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7944 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7464 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7904 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7632 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 2836 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7956 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 3760 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8128 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7272 cmdline: taskkill /IM Steam.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1820 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7832 cmdline: taskkill /IM javaw.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2472 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 5468 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7332 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7232 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 5724 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7240 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7836 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7772 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7760 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7212 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe, ParentProcessId: 5324, ParentProcessName: YoransSetup.exe, ProcessCommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, ProcessId: 8052, ProcessName: chrome.exe
Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", CommandLine: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe, ParentProcessId: 5324, ParentProcessName: YoransSetup.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", ProcessId: 7060, ProcessName: cmd.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1712, ParentProcessName: cmd.exe, ProcessCommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, ProcessId: 3104, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: Submitted Sample, Integrated Neural Analysis Model: Matched 84.1% probability
Source: Yoranis Setup.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Yoranis Setup.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b4a0680f-9ee1-57b1-adfd-e68812be32d6
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt
Source: Yoranis Setup.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBCMT.AMD64.PDB source: Yoranis Setup.exe, 00000000.00000003.1934907956.0000000005FF1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: Yoranis Setup.exe, 00000000.00000003.1863640706.0000000005064000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.1872786906.000000000506F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: Yoranis Setup.exe, 00000000.00000003.1863640706.0000000005064000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\electron.exe.pdb source: Yoranis Setup.exe, 00000000.00000003.1859194180.00000000066A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.1884656243.0000000005069000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\node-sqlite3\node-sqlite3\build\Release\node_sqlite3.pdb source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\win-version-info\win-version-info\build\Release\VersionInfo.pdb source: Yoranis Setup.exe, 00000000.00000003.1945320349.000000000566A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBCPMT.AMD64.PDB source: Yoranis Setup.exe, 00000000.00000003.1934907956.0000000005FF1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.1885877191.0000000005F22000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Yoranis Setup.exe, Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\Yoranis Setup.exe, Code function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\Yoranis Setup.exe, Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\locales
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build
Source: Joe Sandbox View, IP Address: 143.244.215.221
Source: Joe Sandbox View, IP Address: 162.159.61.3
Source: Joe Sandbox View, IP Address: 239.255.255.250
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 Host: api.ipify.org User-Agent: curl/7.83.1 Accept: */*
Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
Source: global traffic, DNS traffic detected: DNS query: api.iwannaeatcats.com
Source: global traffic, DNS traffic detected: DNS query: api.gofile.io
Source: global traffic, DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic, DNS traffic detected: DNS query: file.io
Source: global traffic, DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic, DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic, DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/socks#api-reference)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/socks.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/socks/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/MeriemKhelifi)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/RABEHAJA-STEVENS)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Rob--W/proxy-from-env#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Rob--W/proxy-from-env.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/RyanZim/universalify#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/RyanZim/universalify.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/TooTallNate/node-socks-proxy-agent#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/TooTallNate/util-deprecate
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/TroyGoode)
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WICG/scheduling-apis
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WebAssembly/esm-integration/issues/42
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WebBluetoothCG/web-bluetooth/blob/main/implementation-status.md
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/acornjs/acorn.git
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/acornjs/acorn/issues
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/alexei)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/alexei/sprintf.js.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/alograg)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/andrasq)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/andrewrk/node-mv/blob/master/package.json
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/arose)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/beck)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/bitinn/node-fetch
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/calvinmetcalf/process-nextick-args
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/calvinmetcalf/process-nextick-args.git
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/supports-color
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer).
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chromium/chromium/blob/HEAD/third_party/blink/public/platform/web_crypto_algorith
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/daurnimator)
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/denoland/deno
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/denoland/deno/blob/main/LICENSE.md.
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/denoland/deno/blob/v1.29.1/ext/crypto/00_crypto.js#L195
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/rc.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/varstruct
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/varstruct.git
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/exodusmovement/seco-file#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/exodusmovement/seco-file.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/exodusmovement/secure-container#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/exodusmovement/secure-container.git
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/zstd
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/safe-buffer
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/simple-concat
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/simple-get
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fredludlow)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/giann)
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/woff2
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/wuffs-mirror-release-c
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/xnnpack
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-statusFailed
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/heycam/webidl/pull/946.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/promise-inflight#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/promise-inflight.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/unique-filename
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/unique-filename.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/wide-align
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/color-support.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/minipass-fetch)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/minipass.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/node-tar.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/johnnyshields)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyeecheung/node-dep-codemod#dep005)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-fs-extra
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-fs-extra/pull/141
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jsdom/webidl-conversions
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jsdom/webidl-conversions/blob/master/LICENSE.md.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/lgeiger/node-abi/issues/54
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/litmit)
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/pump
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-fs
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-fs.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-stream
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-stream.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/marob)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mikeal/tunnel-agent
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla/sweet.js/wiki/design
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mrvisser)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/msimerson)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nazar-pc)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/node4good/windows-autoconf
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/Release#release-schedule)).
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/TSC/blob/master/Moderation-Policy.md
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/gyp-next
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/gyp-next/archive/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#installation
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#installation)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#on-macos
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#on-windows
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1779
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1861
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1927
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/raw/master/macOS_Catalina_acid_test.sh
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/b3fcc245fb25539909ef1d5eaa01dbf92e168633/lib/path.js#L56
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/c8a04049/lib/internal/errors.js
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/master/CODE_OF_CONDUCT.md
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/v10.8.0/lib/internal/errors.js
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues
Source: Yoranis Setup.exe, 00000000.00000003.1859507641.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/34532
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35862
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/39758
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: Yoranis Setup.exe, 00000000.00000003.1940263446.000000000566A000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1944136948.000000000566A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/27791
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/32887
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/35941
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webassembly.github.io/spec/web-api
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#abstract-opdef-converttoint
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#abstract-opdef-integerpart
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#es-DOMString
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#es-dictionary
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5093566007214080
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5093566007214080ErrorEventInit
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5636954674692096
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/buffer-alloc)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/buffer-from)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/safe-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/safer-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/wrap-ansi
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.patreon.com/feross
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8288.html#section-3
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yargs.js.org/
Source: C:\Users\user\Desktop\Yoranis Setup.exe Code function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.00000000073EE000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE memstr_c3360627-3
Source: conhost.exe Process created: 61
Source: cmd.exe Process created: 108

System Summary

Source: C:\Users\user\Desktop\Yoranis Setup.exe File dump: YoransSetup.exe.0.dr 173936640
Source: C:\Users\user\Desktop\Yoranis Setup.exe File dump: YoransSetup.exe0.0.dr 173936640
Source: C:\Users\user\Desktop\Yoranis Setup.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\Yoranis Setup.exe Code function: 0_2_00406B15
Source: C:\Users\user\Desktop\Yoranis Setup.exe Code function: 0_2_004072EC
Source: C:\Users\user\Desktop\Yoranis Setup.exe Code function: 0_2_00404C9E
Source: C:\Users\user\Desktop\Yoranis Setup.exe Process token adjusted: Security
Source: YoransSetup.exe0.0.dr Static PE information: Number of sections : 15 > 10
Source: vulkan-1.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: libEGL.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: dxcompiler.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: dxcompiler.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: libEGL.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: YoransSetup.exe.0.dr Static PE information: Number of sections : 15 > 10
Source: Yoranis Setup.exe, 00000000.00000003.1771495959.0000000005C46000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.1879569917.0000000005066000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.1884656243.0000000005069000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.1863640706.0000000005064000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.1864904434.000000000506D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.1859507641.0000000006AA0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilename8 vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.1887263161.0000000005068000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename8 vs Yoranis Setup.exe
Source: Yoranis Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: // did the user specify their own .sln file?
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: * On Windows, find the first build/*.sln file.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: glob('build/*.sln', function (err, files) {
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: return path.extname(arg) === '.sln'
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: print('Usage: %s "c:\\path\\to\\project.sln"' % sys.argv[0])
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: return callback(new Error('Could not find *.sln file. Did you run "configure"?'))
Source: classification engine Classification label: mal76.troj.spyw.evad.winEXE@318/418@13/8
Source: C:\Users\user\Desktop\Yoranis Setup.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\Yoranis Setup.exe Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\Desktop\Yoranis Setup.exe Code function: 0_2_00402104 CoCreateInstance
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Users\user\Desktop\Yoranis Setup.exe Mutant created: \Sessions\1\BaseNamedObjects\b4a0680f-9ee1-57b1-adfd-e68812be32d6
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsu7E06.tmp
Source: Yoranis Setup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Yoranis Setup.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'YORANSSETUP.EXE'
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\find.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sputnik.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'MSEDGE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "centbrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Steam.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "centbrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sputnik.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'MSEDGE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Steam.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "javaw.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Yoranis Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.00000000074F7000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile read: C:\Users\user\Desktop\Yoranis Setup.exe
Source: unknownProcess created: C:\Users\user\Desktop\Yoranis Setup.exe "C:\Users\user\Desktop\Yoranis Setup.exe"
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2112 --field-trial-handle=1984,i,3389205332898887649,4173586543709646972,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\backgroundTaskHost.exe "C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2112 --field-trial-handle=1984,i,3389205332898887649,4173586543709646972,262144 /prefetch:3
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b4a0680f-9ee1-57b1-adfd-e68812be32d6
Source: Yoranis Setup.exeStatic file information: File size 87733089 > 1048576
Source: Yoranis Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBCMT.AMD64.PDB source: Yoranis Setup.exe, 00000000.00000003.1934907956.0000000005FF1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: Yoranis Setup.exe, 00000000.00000003.1863640706.0000000005064000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.1872786906.000000000506F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: Yoranis Setup.exe, 00000000.00000003.1863640706.0000000005064000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\electron.exe.pdb source: Yoranis Setup.exe, 00000000.00000003.1859194180.00000000066A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.1884656243.0000000005069000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\node-sqlite3\node-sqlite3\build\Release\node_sqlite3.pdb source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\win-version-info\win-version-info\build\Release\VersionInfo.pdb source: Yoranis Setup.exe, 00000000.00000003.1945320349.000000000566A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBCPMT.AMD64.PDB source: Yoranis Setup.exe, 00000000.00000003.1934907956.0000000005FF1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.1885877191.0000000005F22000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: dxil.dll.0.drStatic PE information: 0x7DBE8527 [Fri Nov 7 02:32:07 2036 UTC]
Source: dxcompiler.dll.0.drStatic PE information: section name: .00cfg
Source: dxcompiler.dll.0.drStatic PE information: section name: .gxfg
Source: dxcompiler.dll.0.drStatic PE information: section name: .retplne
Source: dxcompiler.dll.0.drStatic PE information: section name: _RDATA
Source: dxil.dll.0.drStatic PE information: section name: _RDATA
Source: ffmpeg.dll.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll.0.drStatic PE information: section name: _RDATA
Source: libEGL.dll.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll.0.drStatic PE information: section name: .gxfg
Source: libEGL.dll.0.drStatic PE information: section name: .retplne
Source: libEGL.dll.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.0.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.0.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.0.drStatic PE information: section name: _RDATA
Source: YoransSetup.exe.0.drStatic PE information: section name: .00cfg
Source: YoransSetup.exe.0.drStatic PE information: section name: .gxfg
Source: YoransSetup.exe.0.drStatic PE information: section name: .retplne
Source: YoransSetup.exe.0.drStatic PE information: section name: .rodata
Source: YoransSetup.exe.0.drStatic PE information: section name: CPADinfo
Source: YoransSetup.exe.0.drStatic PE information: section name: LZMADEC
Source: YoransSetup.exe.0.drStatic PE information: section name: _RDATA
Source: YoransSetup.exe.0.drStatic PE information: section name: malloc_h
Source: dxcompiler.dll0.0.drStatic PE information: section name: .00cfg
Source: dxcompiler.dll0.0.drStatic PE information: section name: .gxfg
Source: dxcompiler.dll0.0.drStatic PE information: section name: .retplne
Source: dxcompiler.dll0.0.drStatic PE information: section name: _RDATA
Source: dxil.dll0.0.drStatic PE information: section name: _RDATA
Source: ffmpeg.dll0.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll0.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll0.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll0.0.drStatic PE information: section name: _RDATA
Source: libEGL.dll0.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll0.0.drStatic PE information: section name: .gxfg
Source: libEGL.dll0.0.drStatic PE information: section name: .retplne
Source: libEGL.dll0.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll0.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll0.0.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll0.0.drStatic PE information: section name: .retplne
Source: libGLESv2.dll0.0.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll0.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll0.0.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll0.0.drStatic PE information: section name: .retplne
Source: vulkan-1.dll0.0.drStatic PE information: section name: _RDATA
Source: YoransSetup.exe0.0.drStatic PE information: section name: .00cfg
Source: YoransSetup.exe0.0.drStatic PE information: section name: .gxfg
Source: YoransSetup.exe0.0.drStatic PE information: section name: .retplne
Source: YoransSetup.exe0.0.drStatic PE information: section name: .rodata
Source: YoransSetup.exe0.0.drStatic PE information: section name: CPADinfo
Source: YoransSetup.exe0.0.drStatic PE information: section name: LZMADEC
Source: YoransSetup.exe0.0.drStatic PE information: section name: _RDATA
Source: YoransSetup.exe0.0.drStatic PE information: section name: malloc_h
Source: node_sqlite3.node.0.drStatic PE information: section name: _RDATA
Source: node.napi.node0.0.drStatic PE information: section name: _RDATA
Source: registry.node.0.drStatic PE information: section name: .fptable
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\dxcompiler.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\ffmpeg.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\dxcompiler.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\dxil.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\nsExec.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.node
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\dxil.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\YoransSetup.exe
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\vulkan-1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\System.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YoransSetup.lnk
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2924
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3181
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\dxcompiler.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\dxcompiler.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\vulkan-1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\System.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\nsExec.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\libGLESv2.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6956 Thread sleep count: 2924 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6908 Thread sleep count: 3181 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5184 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3760 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Yoranis Setup.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Yoranis Setup.exe Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\Yoranis Setup.exe Code function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\Yoranis Setup.exe Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\locales
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build
Source: Yoranis Setup.exe, 00000000.00000003.1872786906.000000000506F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga2
Source: Yoranis Setup.exe, 00000000.00000003.1872786906.000000000506F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Screen Codec / VMware Video
Source: C:\Users\user\Desktop\Yoranis Setup.exe API call chain: ExitProcess graph end node graph_0-3407
Source: C:\Users\user\Desktop\Yoranis Setup.exe Process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\Desktop\Yoranis Setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\tasklist.exe tasklistJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /FJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.000000000735B000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ..\..\third_party\webrtc\modules\desktop_capture\win\window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_Progman..\..\third_party\webrtc\modules\desktop_capture\cropping_window_capturer.ccWindow no longer on top when ScreenCapturer finishesScreenCapturer failed to capture a frameWindow rect is emptyWindow is outside of the captured displaySysShadowWebRTC.DesktopCapture.Win.WindowGdiCapturerFrameTimeWindowCapturerWinGdi::CaptureFrame..\..\third_party\webrtc\modules\desktop_capture\win\window_capturer_win_gdi.ccWindow hasn't been selected: Target window has been closed.Failed to get drawable window area: Failed to get window DC: Failed to create frame.Both PrintWindow() and BitBlt() failed.Capturing owned window failed (previous error/warning pertained to that)WebRTC.DesktopCapture.BlankFrameDetectedWebRTC.DesktopCapture.PrimaryCapturerSelectSourceErrorWebRTC.DesktopCapture.PrimaryCapturerErrorWebRTC.DesktopCapture.PrimaryCapturerPermanentErrordwmapi.dllDwmEnableCompositionScreenCapturerWinGdi::CaptureFrame..\..\third_party\webrtc\modules\desktop_capture\win\screen_capturer_win_gdi.ccFailed to capture screen by GDI.WebRTC.DesktopCapture.Win.ScreenGdiCapturerFrameTimedesktop_dc_memory_dc_Failed to get screen rect.Failed to create frame buffer.Failed to select current bitmap into memery dc.BitBlt failed..\..\third_party\webrtc\modules\desktop_capture\win\cursor.ccCreateMouseCursorFromHCursorUnable to get cursor icon info. Error = Unable to get bitmap info. Error = Unable to get bitmap bits. Error = `
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\registry-js\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\registry-js\dist\lib\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\registry-js\dist\lib\registry.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\win-version-info\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\win-version-info\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\win-version-info\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Cookies VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Passwords VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Cookies VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Passwords VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db-journal VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationHints VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\Downloads VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-dMCMG5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-dMCMG5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-dMCMG5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0196354653 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0196354653 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0518291756 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0615447233 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0615447233 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0653671941 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0653671941 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0666563528 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0887538035 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0887538035 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1033868256 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1287572840 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1343496627 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1343496627 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1417002460 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.session64 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2109793820 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2160417493 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2265332024 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2265465471 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2385760553 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\4144085054 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5281104033 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5367203117 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8351801105 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-04 13-00-50-743.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_installer.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_installer.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\dbghelp.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\dbghelp.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1258b.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1258b.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1258c.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-0929.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-0929.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-0929c.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-0929c.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1051c.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1051c.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334775820156800_6EB929AF-656E-4F43-9731-EA7753E1F1BD.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334775820156800_6EB929AF-656E-4F43-9731-EA7753E1F1BD.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\prep_Form_JSI_API_not_a_real_file_V8_perf.cache VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\pingme.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\pingme.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Queries volume information (VolumeInformation):
  • C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat
  • C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
  • C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
  • C:\
Source: C:\Users\user\Desktop\Yoranis Setup.exe
Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
File opened:
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local Storage\leveldb
  • C:\Users\user\AppData\Local\Google\Chrome\User Data\Default

Remote Access Functionality

Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 211 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 3 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 Windows Service | 1 Access Token Manipulation | 1 Timestomp | 11 Input Capture | 36 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | 1 Registry Run Keys / Startup Folder | 1 Windows Service | 1 DLL Side-Loading | Security Account Manager | 21 Security Software Discovery | SMB/Windows Admin Shares | 11 Input Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 12 Process Injection | 11 Masquerading | NTDS | 3 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 121 Virtualization/Sandbox Evasion | LSA Secrets | 121 Virtualization/Sandbox Evasion | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Access Token Manipulation | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Process Injection | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
[Behavior graph. Behavior Graph ID: 1584251; Sample: Yoranis Setup.exe; Startdate: 05/01/2025; Architecture: WINDOWS; Score: 76]

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| Yoranis Setup.exe | 3% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\unrealgame\dxcompiler.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\unrealgame\dxil.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\unrealgame\vk_swiftshader.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Programs\unrealgame\vulkan-1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\YoransSetup.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\d3dcompiler_47.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\dxcompiler.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\dxil.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\ffmpeg.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\libEGL.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\libGLESv2.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.node | 5% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\node_modules\detect-libc\bin\detect-libc.js | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\node_modules\node-addon-api\tools\clang-format.js | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\node_modules\node-addon-api\tools\conversion.js | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\node_modules\prebuild-install\bin.js | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\node_modules\semver\bin\semver | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\node_modules\node-addon-api\tools\clang-format.js | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\node_modules\node-addon-api\tools\conversion.js | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\node_modules\node-addon-api\tools\eslint-format.js | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\bin.js | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\elevate.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\vk_swiftshader.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\vulkan-1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\SpiderBanner.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\StdUtils.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\System.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\nsExec.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\nsis7z.dll | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- | --- |
| chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | high |
| file.io | 143.244.215.221 | true | false | | high |
| api.iwannaeatcats.com | 172.67.193.41 | true | false | | unknown |
| api.ipify.org | 104.26.13.205 | true | false | | high |
| api.gofile.io | 45.112.123.126 | true | false | | high |
| googlehosted.l.googleusercontent.com | 142.250.185.161 | true | false | | high |
| clients2.googleusercontent.com | unknown | unknown | false | | high |
| bzib.nelreports.net | unknown | unknown | false | | high |
| ntp.msn.com | unknown | unknown | false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | ASN | ASN Name | Malicious
143.244.215.221 | file.io | United States | 174 | COGENT-174US | false
172.67.193.41 | api.iwannaeatcats.com | United States | 13335 | CLOUDFLARENETUS | false
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                                                                                                                            239.255.255.250
                                                                                                                                                                                                                            unknownReserved
                                                                                                                                                                                                                            unknownunknownfalse
                                                                                                                                                                                                                            142.250.185.161
                                                                                                                                                                                                                            googlehosted.l.googleusercontent.comUnited States
                                                                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                                                                            45.112.123.126
                                                                                                                                                                                                                            api.gofile.ioSingapore
                                                                                                                                                                                                                            16509AMAZON-02USfalse
                                                                                                                                                                                                                            104.26.13.205
                                                                                                                                                                                                                            api.ipify.orgUnited States
                                                                                                                                                                                                                            13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                            IP
                                                                                                                                                                                                                            127.0.0.1
                                                                                                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                            Analysis ID:1584251
                                                                                                                                                                                                                            Start date and time:2025-01-05 00:03:13 +01:00
                                                                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                            Overall analysis duration:0h 13m 25s
                                                                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                            Report type:full
                                                                                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                            Number of analysed new started processes analysed:191
                                                                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                                                                            Technologies:
                                                                                                                                                                                                                            • HCA enabled
                                                                                                                                                                                                                            • EGA enabled
                                                                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                                                                            Sample name:Yoranis Setup.exe
                                                                                                                                                                                                                            Detection:MAL
                                                                                                                                                                                                                            Classification:mal76.troj.spyw.evad.winEXE@318/418@13/8
                                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                                                                            • Number of executed functions: 41
                                                                                                                                                                                                                            • Number of non-executed functions: 26
                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 13.107.42.16, 204.79.197.203, 13.107.21.239, 204.79.197.239, 142.250.181.238, 13.107.6.158, 2.16.168.113, 2.16.168.107, 20.56.187.20, 4.245.163.56, 184.28.90.27, 173.222.162.32, 20.190.159.64, 13.107.246.45
                                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, clients2.google.com, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, bzib.nelreports.net.akamaized.net, otelrules.azureedge.net, a-0003.a-msedge.net, ctldl.windowsupdate.com, www-msn-com.a-0003.a-msedge.net, b-0005.b-msedge.net, prod-atm-wds-edge.trafficmanager.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com, l-0007.config.skype.com, business.bing.com, clients.l.google.com, prod-agic-we-3.westeurope.cloudapp.azure.com, dual-a-0036.a-msedge.net
                                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                            • VT rate limit hit for: Yoranis Setup.exe
Time | Type | Description
18:04:20 | API Interceptor | 7x Sleep call for process: Yoranis Setup.exe modified
18:04:39 | API Interceptor | 3x Sleep call for process: WMIC.exe modified
18:04:44 | API Interceptor | 4x Sleep call for process: powershell.exe modified
18:04:51 | API Interceptor | 1x Sleep call for process: dllhost.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
162.159.61.3 | random.exe | Get hash | malicious | Unknown | Browse |
 | random.exe | Get hash | malicious | Unknown | Browse |
 | http://www.cipassoitalia.it/ | Get hash | malicious | CAPTCHA Scam ClickFix | Browse |
 | Setup.exe.7z | Get hash | malicious | Unknown | Browse |
 | over.ps1 | Get hash | malicious | Vidar | Browse |
 | MJhe4xWsnR.msi | Get hash | malicious | Unknown | Browse |
 | MJhe4xWsnR.msi | Get hash | malicious | Unknown | Browse |
 | 6684V5n83w.exe | Get hash | malicious | Vidar | Browse |
 | Bp4LoSXw83.lnk | Get hash | malicious | Unknown | Browse |
 | BHgwhz3lGN.exe | Get hash | malicious | Vidar | Browse |
239.255.255.250 | 4XYAW8PbZH.exe | Get hash | malicious | Remcos | Browse |
 | phishingemail.eml | Get hash | malicious | Unknown | Browse |
 | phishingtest.eml | Get hash | malicious | Unknown | Browse |
 | http://livedashboardkit.info | Get hash | malicious | Unknown | Browse |
 | iGhDjzEiDU.exe | Get hash | malicious | Remcos | Browse |
 | random.exe | Get hash | malicious | Unknown | Browse |
 | random.exe | Get hash | malicious | Unknown | Browse |
 | 1735939565593f5d6bf694464eb338b020a826ec212acacc46d4424bb914edbae3d507116e469.dat-decoded.exe | Get hash | malicious | LiteHTTP Bot | Browse |
143.244.215.221 | Kameta Setup 1.0.0.exe | Get hash | malicious | Unknown | Browse |
 | Kameta Setup 1.0.0.exe | Get hash | malicious | Unknown | Browse |
 | iDvmIRCPBw.exe | Get hash | malicious | Unknown | Browse |
 | ZdXUGLQpoL.exe | Get hash | malicious | Unknown | Browse |
 | jaPB8q3WL1.exe | Get hash | malicious | Unknown | Browse |
 | 00514DIRyT.exe | Get hash | malicious | GO Stealer | Browse |
172.67.193.41 | https://app.box.com/s/ufbcj0sgci60l323b31zkyzlvlhw9fgy | Get hash | malicious | Unknown | Browse |
 | MisconductReport.html | Get hash | malicious | Unknown | Browse |
 | phish_alert_iocp_v1.4.48.eml | Get hash | malicious | Unknown | Browse |
 | https://my.decklinks.com/ccommercials/shared/Zv3ExheJd1aB | Get hash | malicious | Unknown | Browse |
                                                                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                        rdFy6abQ61.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                        • 104.21.96.1
                                                                                                                                                                                                                                                                                        HMhdtzxEHf.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                                                        • 104.21.38.84
                                                                                                                                                                                                                                                                                        9g9LZNE4bH.exeGet hashmaliciousBlank GrabberBrowse
                                                                                                                                                                                                                                                                                        • 162.159.137.232
                                                                                                                                                                                                                                                                                        riFSkYVMKB.exeGet hashmaliciousBlank GrabberBrowse
                                                                                                                                                                                                                                                                                        • 162.159.138.232
                                                                                                                                                                                                                                                                                        COGENT-174USi686.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                        • 38.60.221.89
                                                                                                                                                                                                                                                                                        6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                                                        • 154.29.71.9
                                                                                                                                                                                                                                                                                        fuckunix.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                        • 38.95.31.31
                                                                                                                                                                                                                                                                                        fuckunix.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                        • 38.3.112.85
                                                                                                                                                                                                                                                                                        Fantazy.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                        • 38.162.253.66
                                                                                                                                                                                                                                                                                        Fantazy.i486.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                        • 23.154.10.226
                                                                                                                                                                                                                                                                                        Fantazy.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                        • 38.114.1.137
                                                                                                                                                                                                                                                                                        Fantazy.mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                        • 66.28.124.96
                                                                                                                                                                                                                                                                                        Fantazy.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                        • 38.168.213.17
                                                                                                                                                                                                                                                                                        armv6l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                        • 38.148.27.213
                                                                                                                                                                                                                                                                                        No context
                                                                                                                                                                                                                                                                                        No context
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8389
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.789065009309082
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:fsNw2feiRU3Q/6QDk4kN56qRAq1k8SPxVLZ7VTiQ:fsNw0D/DA4A56q3QxVNZTiQ
                                                                                                                                                                                                                                                                                        MD5:D2F0FD1E44558126AFA23C3D3C2634EE
                                                                                                                                                                                                                                                                                        SHA1:35DF4186DA2F219EA4D0C04830930E83DA378C23
                                                                                                                                                                                                                                                                                        SHA-256:A9B89EDE08615957E41BB611EDD69D3196FBDAF51AD29F3D665BB3D3AC6F6959
                                                                                                                                                                                                                                                                                        SHA-512:17940E505C65A44E5329EAF3157F944C6596749858A58B2FF8D2DAE28458ABDFAC805C2CE2EBA0CAFD791972797DD8E0CB22254E3249516790F90FB58FCE50FC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.25213257352338747
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:SyCJvn+NqK1RMRGp9RdlmRk0DFQJn7kjGxyen9pg+75:Sy2vGqK1R5pjdlmRk0DCJnAGN9pg+75
                                                                                                                                                                                                                                                                                        MD5:2221F632AE20E955384436846D23570A
                                                                                                                                                                                                                                                                                        SHA1:407B37315A7EF510D8E825E376B52BCBB3D00D98
                                                                                                                                                                                                                                                                                        SHA-256:EBAE6518D43EC9D7D663D459414D41F9A894CBA06AA66A80B256AEFBA8A6FE28
                                                                                                                                                                                                                                                                                        SHA-512:45D7E2F3140BF51113A099241F572AF37DC7079540D39783EDCFD22899A12809EB867B4BCE7C47B5098D0C515E287C5B9EE35BA72C7D27BF8F3D9656C04C3F0D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):280
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.187800137618523
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:FiWWltl/9eIth1iUniIWpCWjwBVP/Sh/JzvLi2RRIxINXj1C:o1/tdiKgjwBVsJDG2Yq2
                                                                                                                                                                                                                                                                                        MD5:1CEB37925B10B46ECAD875662F5DB995
                                                                                                                                                                                                                                                                                        SHA1:8CD9D0AB0FD3B99D1A8CFC110C0BDB5DF7BDCCB5
                                                                                                                                                                                                                                                                                        SHA-256:0A9EFC483D786042BA4890BC423F73AD2F3CF42CB8C3835EE17AE3E1804ADFDE
                                                                                                                                                                                                                                                                                        SHA-512:5F61F4E3DE0832E7D393918AED90791379C2698B4EB9583321607A705438D2E846F05AD8EBC657B07207F93C93ECEBD90EE0A407AD4E94D1EC628BAE1D7F31CD
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                        MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                        SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                        SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                        SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                        Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                        MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                        SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                        SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                        SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                        MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                        SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                        SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                        SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                        MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                        SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                        SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                        SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):262512
                                                                                                                                                                                                                                                                                        Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:LsNlxl/l:Ls3jt
                                                                                                                                                                                                                                                                                        MD5:F4C6D5487B72CBF3AF767E955284680D
                                                                                                                                                                                                                                                                                        SHA1:67E4CE6E9183491899686A3B0A67CDBC891F0B5F
                                                                                                                                                                                                                                                                                        SHA-256:76BC10EFEA125318F820F21ACABCBBD2D9391175FF8007E4F44F47C8B9FF290E
                                                                                                                                                                                                                                                                                        SHA-512:D3187BAB946A0CE6B7A2836998227D9A2EAD2CD9DC20B9FB52D83A2C50BF25994E245591C6853790E94A4BC82AE6A648F687290C773CC0B58753A47F63002412
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):33
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                        MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                        SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                        SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                        SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):305
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.1973007396646445
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:iOLV5Q2UIs1wkn23oH+TcwtnG2tbB2KLlBV5QMq2Pwkn23oH+TcwtnG2tMsIFUv:7LVQILfYebn9VFLPVZvYfYebn9GFUv
                                                                                                                                                                                                                                                                                        MD5:B1FC17B2E8C72F5C63C0D1B6B6676EC7
                                                                                                                                                                                                                                                                                        SHA1:8D37A958AABEE014E3A0A70CF33FE4D94ED8D63F
                                                                                                                                                                                                                                                                                        SHA-256:98A0161EE33C7D587BB6D6F7AD8423DCDFE3B8D35BE80CF6FFFB785B2ACC6DC0
                                                                                                                                                                                                                                                                                        SHA-512:28EFD1D8878185D78CEE26DA4D4A636F7D91D40C4B40D394C14A4FB691438E95E73271C7F6B53C49C677182AEA665FEECED2D1AC97F0643E4E5489DD4F7A7E71
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:53.551 1fc0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2025/01/04-18:04:53.836 1fc0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):171
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCT
                                                                                                                                                                                                                                                                                        MD5:E952942B492DB39A75DD2669B98EBE74
                                                                                                                                                                                                                                                                                        SHA1:F6C4DEF325DCA0DFEC01759D7D8610837A370176
                                                                                                                                                                                                                                                                                        SHA-256:14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
                                                                                                                                                                                                                                                                                        SHA-512:9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):281
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.180147329113516
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:iOLV5Q071wkn23oH+Tcwt8aVdg2KLlBV5Q63N+q2Pwkn23oH+Tcwt8aPrqIFUv:7LV5afYeb0LPVnIvYfYebL3FUv
                                                                                                                                                                                                                                                                                        MD5:E5A44AF89417F60C2BEAF518035D093F
                                                                                                                                                                                                                                                                                        SHA1:4A1EFECB77ECC3AEF9A16FDF535146B4142CB722
                                                                                                                                                                                                                                                                                        SHA-256:F5193F239F5A60C1D0F1E6972CB7A314377D89EDE631598B2D5D428068750FE0
                                                                                                                                                                                                                                                                                        SHA-512:9B52A4A7C550DE9C1F6408246D9C683728C2D85D5F527669D040574349B38782BEE5E70BC3B6E049518C73E3A5198C65ADE8D861402216E15B9F074279EA93E5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:53.578 1c28 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2025/01/04-18:04:53.590 1c28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):171
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCT
                                                                                                                                                                                                                                                                                        MD5:E952942B492DB39A75DD2669B98EBE74
                                                                                                                                                                                                                                                                                        SHA1:F6C4DEF325DCA0DFEC01759D7D8610837A370176
                                                                                                                                                                                                                                                                                        SHA-256:14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
                                                                                                                                                                                                                                                                                        SHA-512:9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):285
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.169255169807834
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:iOLV5Q65NFD1wkn23oH+Tcwt86FB2KLlBV5QR+q2Pwkn23oH+Tcwt865IFUv:7LVJXyfYeb/FFLPV9vYfYeb/WFUv
                                                                                                                                                                                                                                                                                        MD5:21A98868903966F356A26851AEF80C54
                                                                                                                                                                                                                                                                                        SHA1:F753D4BF312D232B5920349BAE89E16688AA9566
                                                                                                                                                                                                                                                                                        SHA-256:923D4A702D353C029F9C7E1EC1C2A0F3423D037CEC75145A9B8ABF195BCC0BD9
                                                                                                                                                                                                                                                                                        SHA-512:69B80E9B419207EE8247FAA43491A498BD0B3F4BEE150100CAA450E719D39D8563479737692CB54E8EE7E210E20E5C60BC7E128A93F5881E6D24FAFDFC812794
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:53.592 1c28 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2025/01/04-18:04:53.603 1c28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1083
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                                                                                                                                                        MD5:F5DB9E03121BAEFA935729AECA8F9B25
                                                                                                                                                                                                                                                                                        SHA1:566AB4BEA20FCA1E5DC02458820EDEAB0D089FCE
                                                                                                                                                                                                                                                                                        SHA-256:6AF84BCBACC6188E9DC569332B289BA93FE5495124E53D7C2213F43CE23C51D6
                                                                                                                                                                                                                                                                                        SHA-512:A3B7DC9910A812BE90F789C257FDAAA35D04DD418FDB9C9FAD8E4E28C5D311DAC744CD64D16E9681554213FFD0CF9815EC24CF7E0BE4D78CE93C9AF27F6CFB20
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):322
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.205885803427418
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:iOLV5Q2PBX9+q2Pwkn23oH+Tcwt8NIFUtRV5QIB3JZmwPV5QIjN9VkwOwkn23oHt:7LV3qvYfYebpFUtRVdBZ/PVdZ5JfYeb2
                                                                                                                                                                                                                                                                                        MD5:A07F4EE808AB4421F664E2782E9FE80F
                                                                                                                                                                                                                                                                                        SHA1:49270946C680F749034A787DD9FA1280316F9DDF
                                                                                                                                                                                                                                                                                        SHA-256:96C901074CD902CD2A109B3C8D1399B6715FD15D98F5523F7FEC6555EC453178
                                                                                                                                                                                                                                                                                        SHA-512:0FE3CE7B7DA4A4CB2BF61E6F57DA1A8B7F79221B0E45D1B15A3C7979DAC98EA5EC35F77B2A09CCA63F4617187CEE14A28A1B4F2D88B191C83D53638BC23C4B29
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:54.269 13d8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/01/04-18:04:54.270 13d8 Recovering log #3.2025/01/04-18:04:54.278 13d8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.5241404324800358
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:56U+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjN:5R+GPXBBE3upb0HtTTDxVj
                                                                                                                                                                                                                                                                                        MD5:241322143A01979D346689D9448AC8C0
                                                                                                                                                                                                                                                                                        SHA1:DD95F97EE1CCB8FD9026D2156DE9CB8137B816D1
                                                                                                                                                                                                                                                                                        SHA-256:65EEBDEC4F48A111AC596212A1D71C3A5CFA996797500E5344EEABDFA02527C8
                                                                                                                                                                                                                                                                                        SHA-512:9C7241462A9DADEF25D8EEB1C14BABFBA65C451EBAFBC068B9856E4EF0EB6F894A44686CBB0D1F46C7F546335D0C53A3E386E6C1A017082DE127F8F9C0A54BD2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.33890226319329847
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:TLMfly7aoxrRGcAkSQdC6ae1//fxEjkE/RFL2iFV1eHFxOUwa5qgufTsZ75fOSI:TLYcjr0+Pdajk+FZH1W6UwccI5fBI
                                                                                                                                                                                                                                                                                        MD5:971F4C153D386AC7ED39363C31E854FC
                                                                                                                                                                                                                                                                                        SHA1:339841CA0088C9EABDE4AACC8567D2289CCB9544
                                                                                                                                                                                                                                                                                        SHA-256:B6468DA6EC0EAE580B251692CFE24620D39412954421BBFDECB13EF21BE7BC88
                                                                                                                                                                                                                                                                                        SHA-512:1A4DD0C2BE163AAB3B81D63DEB4A7DB6421612A6CF1A5685951F86B7D5A40B67FC6585B7E52AA0CC20FF47349F15DFF0C9038086E3A7C78AE0FFBEE6D8AA7F7E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):403
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.30806594068562
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:7LVPP4vYfYeb8rcHEZrELFUtRVPi/PVPO5JfYeb8rcHEZrEZSJ:7LAYfYeb8nZrExgRWiJfYeb8nZrEZe
                                                                                                                                                                                                                                                                                        MD5:BA963DA49AEFBDD83F42A6434E615569
                                                                                                                                                                                                                                                                                        SHA1:5F14159873E7E29E37C07B677442E16970B72DBF
                                                                                                                                                                                                                                                                                        SHA-256:E75345BE7D9AAA2EDD7DA7B44F848D9B381FF4931DFCBABF5E6C199C8D3D5E43
                                                                                                                                                                                                                                                                                        SHA-512:1773D282C3D10827FD63DA903FE4A02922EA74E68F9245C438E0BFDB20494857F24996FF56A8B800718D3999AF3C56E1E93EA0874174F027B20E463ED181D333
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:55.695 970 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/01/04-18:04:55.696 970 Recovering log #3.2025/01/04-18:04:55.696 970 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):403
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.30806594068562
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:7LVPP4vYfYeb8rcHEZrELFUtRVPi/PVPO5JfYeb8rcHEZrEZSJ:7LAYfYeb8nZrExgRWiJfYeb8nZrEZe
                                                                                                                                                                                                                                                                                        MD5:BA963DA49AEFBDD83F42A6434E615569
                                                                                                                                                                                                                                                                                        SHA1:5F14159873E7E29E37C07B677442E16970B72DBF
                                                                                                                                                                                                                                                                                        SHA-256:E75345BE7D9AAA2EDD7DA7B44F848D9B381FF4931DFCBABF5E6C199C8D3D5E43
                                                                                                                                                                                                                                                                                        SHA-512:1773D282C3D10827FD63DA903FE4A02922EA74E68F9245C438E0BFDB20494857F24996FF56A8B800718D3999AF3C56E1E93EA0874174F027B20E463ED181D333
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:55.695 970 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/01/04-18:04:55.696 970 Recovering log #3.2025/01/04-18:04:55.696 970 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):334
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.1888612848329005
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:iOLV5QS2e4q2Pwkn23oH+Tcwt8a2jMGIFUtRV5QS0IBJZmwPV5QwU3DkwOwkn234:7LVm9vYfYeb8EFUtRVTr/PVu5JfYeb8N
                                                                                                                                                                                                                                                                                        MD5:A016EF0C1F926803FDF2B52289BD691A
                                                                                                                                                                                                                                                                                        SHA1:5C1EB7F256159F5687458D2B5FD3286EB0378801
                                                                                                                                                                                                                                                                                        SHA-256:69C004A68EF83B4EE156A59BB17E43D21A20CCE74F1EA2A5734BC78E9744CE13
                                                                                                                                                                                                                                                                                        SHA-512:8311BD0F3BE5B9C63E75A2913D9EE745463D2D2F4516E54070B5340E04B0609069E66A113FE9765EF0218F531B5F4D924BA3ACADC3E08DA74AC5ED9C4AB5CBFE
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:53.957 1404 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/01/04-18:04:53.959 1404 Recovering log #3.2025/01/04-18:04:53.963 1404 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):57344
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.863060653641558
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                                                                                                                                                                                                                                        MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                                                                                                                                                                                                                                        SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                                                                                                                                                                                                                                        SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                                                                                                                                                                                                                                        SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                                                                                                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                                                                                                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                                                                                                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                                                                                                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):61
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                        MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                        SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                        SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                        SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.555790634850688
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                                                                                                                                                                                                                                        MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                                                                                                                                                                                                                                        SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                                                                                                                                                                                                                                        SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                                                                                                                                                                                                                                        SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):203
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.4042796420747425
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                                                                                                                                                                                                                        MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                                                                                                                                                                                                                        SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                                                                                                                                                                                                                        SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                                                                                                                                                                                                                        SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.36515621748816035
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                        MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                                                                                                                                        SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                                                                                                                                        SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                                                                                                                                        SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.46731661083066856
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                                                                                                                                                                        MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                                                                                                                                                                        SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                                                                                                                                                                        SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                                                                                                                                                                        SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):280
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1628495285700575
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:S85aEFljljljljljljl8nllaV93NHR2W6odUV:S+a8ljljljljljljlClcNUNoW
                                                                                                                                                                                                                                                                                        MD5:748A8FF13B9B9D602AED7A0BF5636111
                                                                                                                                                                                                                                                                                        SHA1:7CDA5E5D6451C99A05131B5B5879C5011EE3D6B7
                                                                                                                                                                                                                                                                                        SHA-256:7650A04EEF84763BAD5F30F34081131B97F6E3457839F04823517DD16021A3AB
                                                                                                                                                                                                                                                                                        SHA-512:DEE8D587BA239849E02C6931F7AF34465F72AA57B50D888D6280A9EE21CF11213826BE1B1AE03BAD59B4272AEA605BB7758A3A56B6719351C2EF3C35922634ED
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f................<n.b................next-map-id.1.Cnamespace-49b4bcf3_3745_4da2_9f98_7672bbb03bb9-https://ntp.msn.com/.0
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):322
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.119755907548273
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:iOLV5QEeB4q2Pwkn23oH+TcwtrQMxIFUtRV5QGoJZmwPV5QOSKLDkwOwkn23oH+L:7LVfeivYfYebCFUtRV4/PV2G5JfYebtJ
                                                                                                                                                                                                                                                                                        MD5:7E2091352B132377BBB8081D1FBB23EA
                                                                                                                                                                                                                                                                                        SHA1:818393B415695D96F9F10CFD029EB131300376C7
                                                                                                                                                                                                                                                                                        SHA-256:5A94A3E26673D5F063871BF26A25BE580C7F02CCC73D02ADCDA1967BE3359190
                                                                                                                                                                                                                                                                                        SHA-512:D672183F0B4BE8E7E8E75320A1E43B2A27FB5C1C785CF12AA5B7226A384D986C016878984BFB2F38D93E989B3A230CFF9A2356426E406BCEB206F20DCC8DA10C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:54.195 1404 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/01/04-18:04:54.197 1404 Recovering log #3.2025/01/04-18:04:54.217 1404 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):322
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.119755907548273
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:iOLV5QEeB4q2Pwkn23oH+TcwtrQMxIFUtRV5QGoJZmwPV5QOSKLDkwOwkn23oH+L:7LVfeivYfYebCFUtRV4/PV2G5JfYebtJ
                                                                                                                                                                                                                                                                                        MD5:7E2091352B132377BBB8081D1FBB23EA
                                                                                                                                                                                                                                                                                        SHA1:818393B415695D96F9F10CFD029EB131300376C7
                                                                                                                                                                                                                                                                                        SHA-256:5A94A3E26673D5F063871BF26A25BE580C7F02CCC73D02ADCDA1967BE3359190
                                                                                                                                                                                                                                                                                        SHA-512:D672183F0B4BE8E7E8E75320A1E43B2A27FB5C1C785CF12AA5B7226A384D986C016878984BFB2F38D93E989B3A230CFF9A2356426E406BCEB206F20DCC8DA10C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:54.195 1404 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/01/04-18:04:54.197 1404 Recovering log #3.2025/01/04-18:04:54.217 1404 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                        Size (bytes):230
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.751656781764913
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:3krgqxD5x9jz0Go8l4v82xw2WawuCev/Fn:3k75occ82jAu9N
                                                                                                                                                                                                                                                                                        MD5:71E785A4F3DEC5C6694B62A72955AD4F
                                                                                                                                                                                                                                                                                        SHA1:FFD6ED647D35836F8263320D473192783181CC2D
                                                                                                                                                                                                                                                                                        SHA-256:0D3FE8A0C57B58FD1897544F2969690D9F2BEB4228421933E4CD3354BE7A0FFC
                                                                                                                                                                                                                                                                                        SHA-512:A16B2FCC5556136C2F5AD312B931520B2850976C3FD6CE6953B3F8BB5076B76D6DA5194A131E86269B4E37EF01261DFF4CEC708B326171CF4AE83DD2EE52BE85
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:SNSS................................"........................................................!.............................................1..,.......$...49b4bcf3_3745_4da2_9f98_7672bbb03bb9......................@+................
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):350
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.14777096482614
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:iOLV5QQMq2Pwkn23oH+Tcwt7Uh2ghZIFUtRV5QQ9ZmwPV5QVvFzkwOwkn23oH+T8:7LVHMvYfYebIhHh2FUtRVH9/PVUFz5J8
                                                                                                                                                                                                                                                                                        MD5:E3820CED40FA0A56E1694D7A1BB96B10
                                                                                                                                                                                                                                                                                        SHA1:7F9245202D5547102FE1378F881A105127CE6723
                                                                                                                                                                                                                                                                                        SHA-256:50B352F4A7FE0EC441F05659CB488F9A41AE42479192E81E7C2E7EE967C04C44
                                                                                                                                                                                                                                                                                        SHA-512:90451168CF017E018B7D8350C3D7B68FA7775EBEF2F0ACAD5A82AB5CF5AF00F714346FE784C64ECA38F154F5208AA12A08388127EB04078E0F81A6B81F2256DA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:53.741 1c24 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/01/04-18:04:53.741 1c24 Recovering log #3.2025/01/04-18:04:53.742 1c24 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):350
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.14777096482614
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:iOLV5QQMq2Pwkn23oH+Tcwt7Uh2ghZIFUtRV5QQ9ZmwPV5QVvFzkwOwkn23oH+T8:7LVHMvYfYebIhHh2FUtRVH9/PVUFz5J8
                                                                                                                                                                                                                                                                                        MD5:E3820CED40FA0A56E1694D7A1BB96B10
                                                                                                                                                                                                                                                                                        SHA1:7F9245202D5547102FE1378F881A105127CE6723
                                                                                                                                                                                                                                                                                        SHA-256:50B352F4A7FE0EC441F05659CB488F9A41AE42479192E81E7C2E7EE967C04C44
                                                                                                                                                                                                                                                                                        SHA-512:90451168CF017E018B7D8350C3D7B68FA7775EBEF2F0ACAD5A82AB5CF5AF00F714346FE784C64ECA38F154F5208AA12A08388127EB04078E0F81A6B81F2256DA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:53.741 1c24 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/01/04-18:04:53.741 1c24 Recovering log #3.2025/01/04-18:04:53.742 1c24 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                        MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                        SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                        SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                        SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                        Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                        MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                        SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                        SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                        SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                        MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                        SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                        SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                        SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                        MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                        SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                        SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                        SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):262512
                                                                                                                                                                                                                                                                                        Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:LsNl5o/ll:Ls35o/
                                                                                                                                                                                                                                                                                        MD5:08128CAAA8DFB85816BEB9519C130A70
                                                                                                                                                                                                                                                                                        SHA1:882E2A061089EB525788A1F01FB75D9692F24D95
                                                                                                                                                                                                                                                                                        SHA-256:28214DE10D4A7A09776792BB14FBD7E0D3D28D9F90F36DE35B88855B29B416F0
                                                                                                                                                                                                                                                                                        SHA-512:F7DCECA1D983F23A795611BB894CD31475A9D6DBBC6C78CD599A183934D973FD616980BD23956B2594CF3AD290AA8EB4ED6E59ACD56187388004E996FC4D3AED
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):432
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.237651321759753
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:7LViTIvYfYebvqBQFUtRV4/PVZq5JfYebvqBvJ:7LMT6YfYebvZgRUIJfYebvk
                                                                                                                                                                                                                                                                                        MD5:745ED24FF4ED7B4BED260196CBE15B09
                                                                                                                                                                                                                                                                                        SHA1:CC69DE97130FC40DE439E48C79841A2F55C28EF3
                                                                                                                                                                                                                                                                                        SHA-256:C7DAE12FB7119AE95111990FE06ABA98B57B4ED619BB51B0AEC34ECB18BAB24B
                                                                                                                                                                                                                                                                                        SHA-512:099E129686251EDC632949120A08D1CF5C80DDC2B82BCF5F567613C6167725D702EE48D390E76E96BAAFC1010AB8ABA4A6A7AD8EEDD8E30AB9BB90CF4F47D152
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:54.223 1c90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/01/04-18:04:54.225 1c90 Recovering log #3.2025/01/04-18:04:54.232 1c90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):432
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.237651321759753
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:7LViTIvYfYebvqBQFUtRV4/PVZq5JfYebvqBvJ:7LMT6YfYebvZgRUIJfYebvk
                                                                                                                                                                                                                                                                                        MD5:745ED24FF4ED7B4BED260196CBE15B09
                                                                                                                                                                                                                                                                                        SHA1:CC69DE97130FC40DE439E48C79841A2F55C28EF3
                                                                                                                                                                                                                                                                                        SHA-256:C7DAE12FB7119AE95111990FE06ABA98B57B4ED619BB51B0AEC34ECB18BAB24B
                                                                                                                                                                                                                                                                                        SHA-512:099E129686251EDC632949120A08D1CF5C80DDC2B82BCF5F567613C6167725D702EE48D390E76E96BAAFC1010AB8ABA4A6A7AD8EEDD8E30AB9BB90CF4F47D152
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:54.223 1c90 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/01/04-18:04:54.225 1c90 Recovering log #3.2025/01/04-18:04:54.232 1c90 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):193
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.864047146590611
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                                                                                                                                                                                                                        MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                                                                                                                                                                                                                        SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                                                                                                                                                                                                                        SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                                                                                                                                                                                                                        SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.555790634850688
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                                                                                                                                                                                                                                        MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                                                                                                                                                                                                                                        SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                                                                                                                                                                                                                                        SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                                                                                                                                                                                                                                        SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}.........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.36515621748816035
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                        MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                                                                                                                                        SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                                                                                                                                        SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                                                                                                                                        SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):326
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.222303201795364
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:iOLV5QAvN+q2Pwkn23oH+TcwtpIFUtRV5QV5ZmwPV5QmUAHNVkwOwkn23oH+Tcwd:7LVBAvYfYebmFUtRVK5/PVwAT5JfYeb7
                                                                                                                                                                                                                                                                                        MD5:76F859183B80CD26C478F522C52500DE
                                                                                                                                                                                                                                                                                        SHA1:A09D1FB72401A1B417CB55CD44CDE632B56FE22B
                                                                                                                                                                                                                                                                                        SHA-256:FA45BFA25AB0FA228BCCEAA3D4AA27450285AEBE78F148C7AF709F1497948070
                                                                                                                                                                                                                                                                                        SHA-512:9B4B59544E46E21D1A2AF4B37A68AA116388AB1E25E297A4EBDBE10942D80405FF307D3E8DAE95762387E6A1EE9D8A5A0A2DCFB7A93A6977D52D8346623B2FD8
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:53.545 1c28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/01/04-18:04:53.546 1c28 Recovering log #3.2025/01/04-18:04:53.547 1c28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.26707851465859517
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                                                                                                                                                                                                                                        MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                                                                                                                                                                                                                                        SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                                                                                                                                                                                                                                        SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                                                                                                                                                                                                                                        SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 4, database pages 87, cookie 0x66, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):180224
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.9312584730793054
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:CSqzyMUfTfnGCTjHbRJkkqtXaWTK+hGgH+6e7E:CrzyffrnzkkqtXnTK+hNH+5
                                                                                                                                                                                                                                                                                        MD5:4ECC14F9549C4BB53159212C5BCC9CC0
                                                                                                                                                                                                                                                                                        SHA1:EFEABE631F20B60E2863952BFF0F485BEB74CE36
                                                                                                                                                                                                                                                                                        SHA-256:49F613160AD871F1B44381BB8F6B4E1EB481E41A86B462D4CD29CB90095EE149
                                                                                                                                                                                                                                                                                        SHA-512:6EB988D5F9AA19A26EB1AE4E87F1D2E03D407B969777AB38E2031B3556D8915CCBD4BE6BD537A1A1D22A365D58CDF63E3B790D8AB7281DCCAC09F9685A0788C7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2568
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.06569804787746028
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:/8All/l1lhtlp8n:73i
                                                                                                                                                                                                                                                                                        MD5:A395A4AAF651EB5212C58EC3E5E7F36C
                                                                                                                                                                                                                                                                                        SHA1:D9E951F9E222596772ED37C37A53C0F8A0ED1EF9
                                                                                                                                                                                                                                                                                        SHA-256:D2CD2E8DC9EB7DF76B13252118DD6092A3118EB821279FF02F49312C067C88FD
                                                                                                                                                                                                                                                                                        SHA-512:DE114541BDB1D3E81684605923F697CAF3315C50C8575628008038464AA5696B25B7D6D2D22019177C379C4E2C61A4AC9A01B6942CDCDB484FBA6FDD76CFF4E1
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3852), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):11417
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.237554345326078
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:dH4vrmORnBtW4PoiUDNaxvR5FCHFcoaSbqGEDu:dH4vrmonPW4jR3GaSbqGEDu
                                                                                                                                                                                                                                                                                        MD5:DF790948C5A7B5DD19D033FE6C793868
                                                                                                                                                                                                                                                                                        SHA1:0C4A681E07505CA84997CE78FEEE1F0D88CB8E2A
                                                                                                                                                                                                                                                                                        SHA-256:CB4049061A6A78013D20CC4AB396BEF4F6C35306887BE76765EED4E51EEE702D
                                                                                                                                                                                                                                                                                        SHA-512:251C3B5DE5452E2F40C648BDB2E3D1CE2315DD4DFFAF4B4E5E08528DBAAB80535F1A82E183A65AB7DCA0C2926AE5D6B61F06DB390D0E3B8D8E77E826B21042CB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{.. "ArbitrationSignal": "(time_elapsed_since_last_notification)-3600^(notification_quick_dismiss_rate_lower_ci+notification_disable_rate+notification_snooze_rate)",.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f41
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):281
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.2367704244983235
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:iOLV5Qcf1wkn23oH+Tcwtfrl2KLlBV5QYN+q2Pwkn23oH+TcwtfrK+IFUv:7LV9OfYeb1LPVEvYfYeb23FUv
                                                                                                                                                                                                                                                                                        MD5:155FAE0AFBDDC01C737053B3D584B5AE
                                                                                                                                                                                                                                                                                        SHA1:C4AED15983E67086960472D7A58507CF5BF1DFAA
                                                                                                                                                                                                                                                                                        SHA-256:E3B91C51B00ED321FBE06F08C78F4730D59A9A4C8E4826EEF3BDE6A7FF138847
                                                                                                                                                                                                                                                                                        SHA-512:B2E9AA9EB80F19235007829800770775303F08FEAF6AD2465EF993D3AFD4A7F915011F60DECEF98C00484B1B4047295C11DE6C4FC89A084D31F8CFD986401487
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:54.094 1c28 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2025/01/04-18:04:54.377 1c28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):184
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.6995049215784723
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:G0XttkJcsRwI9tkJcscml9t3moiOlfmEaHTltfmoI///fmEbn:G0Xtqcsqc9Ct3mxKm9HTl1mL//3m8
                                                                                                                                                                                                                                                                                        MD5:D0D92D2ACC26306AEC6E8D67FD89BB1D
                                                                                                                                                                                                                                                                                        SHA1:98C9F038C1C81881F5EB5E103530458845BCEEA9
                                                                                                                                                                                                                                                                                        SHA-256:3B6E086A61E5DA0B64E80F593E648BD49FE77CE072098065399BE2B4F4F46840
                                                                                                                                                                                                                                                                                        SHA-512:5464728663F1F62E9DBD7DF26D92FE7CC41B6BFDEE9021CEE5ED230B9F3114ACFF54768E5206B283382CBFF6999B07DF9283ED3DA50E04631729D22DD8E4CB5D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):299
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.181840780934395
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:iOLV5QuXD1wkn23oH+Tcwtfrzs52KLlBV5QQUIN+q2Pwkn23oH+TcwtfrzAdIFUv:7LVefYebs9LPVZAvYfYeb9FUv
                                                                                                                                                                                                                                                                                        MD5:3AF76DD756B304D49BC1E7FBC38C3D7E
                                                                                                                                                                                                                                                                                        SHA1:B7147D5B56F9D55E3717472E94ADD468C6CC0AAC
                                                                                                                                                                                                                                                                                        SHA-256:EF160381599F1B6614F3839BB2DA3302C35E8439B743C71E9064BFF6AD2AD59C
                                                                                                                                                                                                                                                                                        SHA-512:8A8F601CB9C56DA1B710011E2B40B88FD90F9057CFAE70F46093B5EB44C437187B4D9B3413A4B3856C921A1CBA34540EB694DF6A49C3A5436A021B7217B13F2B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:2025/01/04-18:04:54.067 1c28 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2025/01/04-18:04:54.087 1c28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                        MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                        SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                        SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                        SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                        MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                        SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                        SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                        SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                        Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                        MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                        SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                        SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                        SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                        MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                        SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                        SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                        SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                        MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                        SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                        SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                        SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:dropped
Size (bytes):262512
Entropy (8bit):9.553120663130604E-4
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
Category:dropped
Size (bytes):8192
Entropy (8bit):0.01057775872642915
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):270336
Entropy (8bit):8.280239615765425E-4
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):8192
Entropy (8bit):0.011852361981932763
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):8192
Entropy (8bit):0.012340643231932763
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:dropped
Size (bytes):262512
Entropy (8bit):9.553120663130604E-4
Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                                                                                        Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                        MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                        SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                        SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                        SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):6820
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.794093359233165
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:iaqkHfOn5ih/cI9URLl8RotokMFVvlwhye4IbONIeTC6XQS0qGqk+Z4uj+rjEYVt:ak2weiRUThi6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                                                                                                                                                        MD5:A5A7F7A43274927DED757AC5A0934727
                                                                                                                                                                                                                                                                                        SHA1:DEC7CD1874D9F600D0484ABBEC0B5560B1EAEDB2
                                                                                                                                                                                                                                                                                        SHA-256:5E82BF6D4842EE73C63484AFCC22863964C35B5723BB6520B85BE9E50BDA7C88
                                                                                                                                                                                                                                                                                        SHA-512:ECB81E5F3349CB2CBA672C8832154BD0B2F65EA07C0A73A8803DEBB1ED389D03D6EA728C2F6D1CCEEDB2DE7063D00F53758E3B9248F07CDC6637CB0D7FA76C31
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADN9TIwo6FoQJvKEmstmCCgEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAA3m4sJ/lOfMkQcpOsA1rB7b5RcIU4qveBOOX0juOKtgQAAAAA
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.46731661083066856
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                                                                                                                                                                        MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                                                                                                                                                                        SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                                                                                                                                                                        SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                                                                                                                                                                        SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.01057775872642915
Encrypted:false
SSDEEP:3:MsFl:/F
MD5:CF89D16BB9107C631DAABF0C0EE58EFB
SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
Malicious:false
Reputation:unknown

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):270336
Entropy (8bit):8.280239615765425E-4
Encrypted:false
SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
MD5:D0D388F3865D0523E451D6BA0BE34CC4
SHA1:8571C6A52AACC2747C048E3419E5657B74612995
SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
Malicious:false
Reputation:unknown

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):8192
Entropy (8bit):0.011852361981932763
Encrypted:false
SSDEEP:3:MsHlDll:/H
MD5:0962291D6D367570BEE5454721C17E11
SHA1:59D10A893EF321A706A9255176761366115BEDCB
SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
Malicious:false
Reputation:unknown

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:data
Category:dropped
Size (bytes):8192
Entropy (8bit):0.012340643231932763
Encrypted:false
SSDEEP:3:MsGl3ll:/y
MD5:41876349CB12D6DB992F1309F22DF3F0
SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
Malicious:false
Reputation:unknown

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
Category:dropped
Size (bytes):262512
Entropy (8bit):9.553120663130604E-4
Encrypted:false
SSDEEP:3:LsNlDGul:Ls3aq
MD5:C3E11B1B6C7D353101C13A0A950C940B
SHA1:3CB141E0C093407F2133D0BDEC106FE34CB32496
SHA-256:AE01C083E10A300C138CF7F850950B92F1285C098AE671C1FD061C470E7DA6B0
SHA-512:E6C080ACF195AE34704CA916DD61C08D7A62F2A68DF9AE70CF4977F289061F2FEF99FF7A2585C30951CF21A5811B4A79B855B6A2346E053FABAB8880F4F8BD95
Malicious:false
Reputation:unknown

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):47
Entropy (8bit):4.3818353308528755
Encrypted:false
SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:48324111147DECC23AC222A361873FC5
SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:false
Reputation:unknown
Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14

Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):35
Entropy (8bit):4.014438730983427
Encrypted:false
SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:BB57A76019EADEDC27F04EB2FB1F1841
SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:false
Reputation:unknown
Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):29
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.922828737239167
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:2NGw+K+:fwZ+
                                                                                                                                                                                                                                                                                        MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                                                                                                                                                                                                        SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                                                                                                                                                                                                        SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                                                                                                                                                                                                        SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:customSynchronousLookupUris_0
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):35302
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.99333285466604
                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                        SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                                                                                                                                        MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                                                                                                                                        SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                                                                                                                                        SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                                                                                                                                        SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):18
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.5724312513221195
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:kDnaV6bVon:kDYa2
                                                                                                                                                                                                                                                                                        MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                                                                                                                                                                                                                                        SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                                                                                                                                                                                                                                        SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                                                                                                                                                                                                                                        SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:edgeSettings_2.0-0
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3581
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.459693941095613
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                                                                                                                                                                                                        MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                                                                                                                                                                                                        SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                                                                                                                                                                                                        SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                                                                                                                                                                                                        SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):47
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.493433469104717
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                                                                                                                                                                                                                                        MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                                                                                                                                                                                                                                        SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                                                                                                                                                                                                                                        SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                                                                                                                                                                                                                                        SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):35302
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.99333285466604
                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                        SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                                                                                                                                        MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                                                                                                                                        SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                                                                                                                                        SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                                                                                                                                        SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):50
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.9904355005135823
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                                                                                                                                                                                                                                        MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                                                                                                                                                                                                                                        SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                                                                                                                                                                                                                                        SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                                                                                                                                                                                                                                        SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:topTraffic_170540185939602997400506234197983529371
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):575056
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                        SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                        MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                        SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                        SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                        SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):87
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.415446034314543
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQd:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                                                                                        MD5:3FA87FFDBFD627F217A5F052D6D3A7AC
                                                                                                                                                                                                                                                                                        SHA1:0746F46DE416E30212C78E240BF6B5352EE2EF9C
                                                                                                                                                                                                                                                                                        SHA-256:7C782809649AE44D26AD9EC63F900A8B306E91ED01410EEDD6A9AB778770ED2B
                                                                                                                                                                                                                                                                                        SHA-512:EDAEDD2E75B29829BE86D25CB0D894832FCA323FD12493133E9230007D3FA353F12F3DBC87DAD9FE2B86D0F26EC3814C9951975ADFF3421623C44642AA780894
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":14}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):6820
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.794093359233165
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:iaqkHfOn5ih/cI9URLl8RotokMFVvlwhye4IbONIeTC6XQS0qGqk+Z4uj+rjEYVt:ak2weiRUThi6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                                                                                                                                                        MD5:A5A7F7A43274927DED757AC5A0934727
                                                                                                                                                                                                                                                                                        SHA1:DEC7CD1874D9F600D0484ABBEC0B5560B1EAEDB2
                                                                                                                                                                                                                                                                                        SHA-256:5E82BF6D4842EE73C63484AFCC22863964C35B5723BB6520B85BE9E50BDA7C88
                                                                                                                                                                                                                                                                                        SHA-512:ECB81E5F3349CB2CBA672C8832154BD0B2F65EA07C0A73A8803DEBB1ED389D03D6EA728C2F6D1CCEEDB2DE7063D00F53758E3B9248F07CDC6637CB0D7FA76C31
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADN9TIwo6FoQJvKEmstmCCgEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAAA3m4sJ/lOfMkQcpOsA1rB7b5RcIU4qveBOOX0juOKtgQAAAAA
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8307
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.7951015671407555
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:fsNA2feiRUKQ/6QDk4kN56qRAq1k8SPxVLZ7VTiQ:fsNA0y/DA4A56q3QxVNZTiQ
                                                                                                                                                                                                                                                                                        MD5:9910D1D07ECD8287A283BCE8112D43DB
                                                                                                                                                                                                                                                                                        SHA1:05EB22DD36AA86241D486DB85BA4C500EC9FF6E9
                                                                                                                                                                                                                                                                                        SHA-256:6FBA427D5EE2511BC957B80909CC7EC0CF819D04F32CC008E74612F2B41FDC5D
                                                                                                                                                                                                                                                                                        SHA-512:632AD86D9678E61982252256CE84822B225F851371552692056A1C8DCF8C4FDCFFD565370036A44BAF6473D493D9C73159ACAD923F46F7438F76940D538AE304
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2278
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.861740263131958
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:uiTrlKxrgxeHJxl9Il8uHNYcZvrU63QF0GqXC6EHap2kd1rc:mDH9YL3vrGuGsC6H6
                                                                                                                                                                                                                                                                                        MD5:FB65C71386C70B451FFA3FDA960DF0AF
                                                                                                                                                                                                                                                                                        SHA1:202B016C6BD855EB7CFF897E07FFF82AECF7BA82
                                                                                                                                                                                                                                                                                        SHA-256:5F857BEC4B30941A58443CD7D8239D3DCA3708860C228BDAA7713BD5259E7B5C
                                                                                                                                                                                                                                                                                        SHA-512:3C35725607B7F01375FC0072CF57962CF036DCC8D016B6F87E13D77DC474806A00F8CB7290700B9DE79BBD3DFA23BAB26F8C7743944539907F51CDF4EF132B1F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.K.0.2.c.w.V.f.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.z.f.U.y.M.K.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4622
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.000980321286006
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:nYu3Vk0Z1LmdrDEJmCv+JC62u0wITtJha/tlALCPxhJB:njVfGDM62uuhitlAwx5
                                                                                                                                                                                                                                                                                        MD5:128E92C695937353F68B56D83D82799E
                                                                                                                                                                                                                                                                                        SHA1:50502C35A03E4BE77A8B15E30968FED3CE54543A
                                                                                                                                                                                                                                                                                        SHA-256:0A20703A67852C2CACF11D4D721640D1D10CE1F5ABC424D1ACDF296384D01700
                                                                                                                                                                                                                                                                                        SHA-512:D1FE9F2D06AC115A91B2970D9C7089674B69FB7819EAAC2300A7D72A7FF2315348C2C1DA8FB76CB27BAEDCA65D50652247D18163723AFFA915102BA97EC80C50
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"z3UTqTb37/uzhiflb40fzhDrEsw="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"5iocWf1e2wE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AwAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAzfUyMK
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2684
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.9022312915967623
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:uiTrlKx68Wa7x/xl9Il8ugxkDbI2JlPvSSm2er7ulkzhtDd/vc:aBYokDc2Dc2er7uite
                                                                                                                                                                                                                                                                                        MD5:39E757145E194711336B1CEB28DCCC6B
                                                                                                                                                                                                                                                                                        SHA1:5D23343649D939EEAEC1D795BF026CE00870C037
                                                                                                                                                                                                                                                                                        SHA-256:B4518E535B82CD5CE5BFA34FCF103C758AB65A4185EC67D98CE668816A0892FB
                                                                                                                                                                                                                                                                                        SHA-512:33B6E004CB63EDEFF7593BE4DBC888D2F5149C90F49B55CBDD87CDBAC23514A557CBCF6BDBA303F9B23D683DF6DAC2E53C64FD3DE22CB57986FCF34C8D1662B2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"6N3Uy9nAUEqs5u96E/og0E/VJAg="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"CUAMis593AE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAzfUyMK
                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):64
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.1940658735648508
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:Nlllulbnolz:NllUc
                                                                                                                                                                                                                                                                                        MD5:F23953D4A58E404FCB67ADD0C45EB27A
                                                                                                                                                                                                                                                                                        SHA1:2D75B5CACF2916C66E440F19F6B3B21DFD289340
                                                                                                                                                                                                                                                                                        SHA-256:16F994BFB26D529E4C28ED21C6EE36D4AFEAE01CEEB1601E85E0E7FDFF4EFA8B
                                                                                                                                                                                                                                                                                        SHA-512:B90BFEC26910A590A367E8356A20F32A65DB41C6C62D79CA0DDCC8D95C14EB48138DEC6B992A6E5C7B35CFF643063012462DA3E747B2AA15721FE2ECCE02C044
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\backgroundTaskHost.exe
                                                                                                                                                                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.210932690545975
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:h74WabnNlDuUbwB7wR+/+wB7CDnlcalZnNmkyPzZAk/Ld9J:NJaDT87R7Vapy/Ld9
                                                                                                                                                                                                                                                                                        MD5:1270657728E1979963E445D95B146697
                                                                                                                                                                                                                                                                                        SHA1:5027274A6F5DEFC4BB3457916723FD2594F5732B
                                                                                                                                                                                                                                                                                        SHA-256:958053AC159A87D563F96DDD583407D2585B9971B0A7DC940432105D9B31D6C1
                                                                                                                                                                                                                                                                                        SHA-512:75BBBC3AA8775C1315BDCB3C70FAE34DA3E8F6B1040CBD0CCD39A4AB7444EFE34E5AAF305F389CFD977265C7B6487DACE6C4DF2D4FA193177D7DF059DCF26FAC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\backgroundTaskHost.exe
                                                                                                                                                                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.2493063282566443
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:374WaQN7nNlDuUbwB7wR+/+wB7CDnlcalZnNmkyPzZAk/Ld9J:LJaAjT87R7Vapy/Ld9
                                                                                                                                                                                                                                                                                        MD5:A68A9B4D706C473FD85D79841B6F2D30
                                                                                                                                                                                                                                                                                        SHA1:868299E37771CCC9C1F2804BCC31FC427B974C9B
                                                                                                                                                                                                                                                                                        SHA-256:77EFF18462DC3B8992BFC880027F24F34AE03776B1D10C4A1603FF0E5BC7DF4B
                                                                                                                                                                                                                                                                                        SHA-512:C4A591F85F365582CEA138C2AA2EA63BADC105D886E15FA193C2C9082002DD53A5CFA85CDE9666B9D0F00818848C5E80F5FF3CE2D45A86ADEF2ABB607CBB011A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1096
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                                                                                        MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                                                                                        SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                                                                                        SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                                                                                        SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):9171467
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.787763754813168
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24576:MZS6w9635kuWSo8RptCNlmfzJ626a6Z6h6myH6Eppl/:MLFNSd
                                                                                                                                                                                                                                                                                        MD5:D4800A73FD4D4F68D55317BF0012F891
                                                                                                                                                                                                                                                                                        SHA1:8106D44142E242717CF0FC062D0D2371563165CA
                                                                                                                                                                                                                                                                                        SHA-256:5A0B1E32CFA292CB49BCB63009EFFC5A5A6A1471EDDDA3B3CD2CAF83591ECA43
                                                                                                                                                                                                                                                                                        SHA-512:54616E34185C52930D20D825130CF14BE0035E632836800F5DF815CB54CE1D4592A42051818C02C317F14EA478060193EB3069FFD86FC1F66C80DFC1F994745E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title">Credits</span>.<a id="print-link" href="#" hidden>Print</a>.<div class="open-sourced">. Chromium software is made available as source code. <a href="https://source.chromium.org/chromium">here</a>..</div>..<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):173936640
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.736875593239721
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1572864:43g4ABgGo8IOghrKu55SywCkfhjkqmgEiWQD8ObMHNEuzOLswR8sg8xboxPHlCY1:/1ROr7Gw3j
                                                                                                                                                                                                                                                                                        MD5:19A61DB800E68F1BCB442D9B2531E6BC
                                                                                                                                                                                                                                                                                        SHA1:8DB886403CCE76625864D0BAA9633FFE7AB1A1B5
                                                                                                                                                                                                                                                                                        SHA-256:9334EDFD32548B49F53584139B06A68500BF46B54BA6B36A2E23FE4E1BAB6027
                                                                                                                                                                                                                                                                                        SHA-512:AF7AAB592541EFAF905DE683B65C99D8FB9A478380FEF503F8EB2DA5A8E65346C52021A7A988CD1AFF7F2BC8AFEDE9CC7A63A92FA9F93E02C4A6C06EB415FA67
                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):164116
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.923076106829587
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:HzwJCGIekwQ6HBjO20FAXg6IL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Hzw1IekgBjO2FQpK18Gb0OV8ld0GecQJ
                                                                                                                                                                                                                                                                                        MD5:23713A5587CBC1054B56C45F5EED7CB6
                                                                                                                                                                                                                                                                                        SHA1:12D8CB62CB6E259B29E196DFB74D8432C4B9359D
                                                                                                                                                                                                                                                                                        SHA-256:BEBC30BA7FC60C7B904FBAEA6E635652385408C79E19175DFAC7EB165E950900
                                                                                                                                                                                                                                                                                        SHA-512:9B4DBF5266952421EA99F7B32F36EB35475EAE3194ED00AE5E62D9F423865CA035DE27C9F0EE7C1EE40E0B6C84FB8C947EB912EEFFA2D9C1AC30BE7CE2863C28
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):248194
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.950695016513651
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:PDQYaSN6svydgnWg0GpkQegx5GMRejnbdZnVE6YopSO4:UfSN6svyd6Wg0qI6edhVELoAO4
                                                                                                                                                                                                                                                                                        MD5:F3BA5BD3A7ACF1BA147F7E57C3D21CE8
                                                                                                                                                                                                                                                                                        SHA1:49D432820C0BD9801BA1E497E1C03DB785EA96E3
                                                                                                                                                                                                                                                                                        SHA-256:598738DE159E686C348BD1F0B75C82BB444C2B1BD3A6C9C6027CB960DDDAF63A
                                                                                                                                                                                                                                                                                        SHA-512:256791115B9ABF4E4817B1D18109ED566B444766E2A2C7678069FD3261158E956C0D6344A3D256EAEDED7DBCEB6E75E669E7A7862B6BAED8CE2A31748B206683
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4916712
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.398049523846958
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                                                                                                                                                                                                                                        MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                                                                                                                                                                                        SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                                                                                                                                                                                        SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                                                                                                                                                                                        SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):22052864
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.533287810009358
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:196608:t88wi5NIJpjkPmJU1cbrmgPS9lb0yZV+mzxPBdTpDdK6NLNfD0EfX:m0PIjVb49lb0yZV+mzhBdNDQyL5DHfX
                                                                                                                                                                                                                                                                                        MD5:6FE9B96ABEF9D3CD5BBAB1FDCDD9B041
                                                                                                                                                                                                                                                                                        SHA1:E6E8F72D6B3BB975C8557780F8D3A8B3EA8C53F5
                                                                                                                                                                                                                                                                                        SHA-256:B63145DCB330466A4C3B1516B79FB41E40E21225219A2A12A6764DC9ED749E26
                                                                                                                                                                                                                                                                                        SHA-512:80DE095D50B9DFBEC5F5AC1EB7B177A1E68AF70B432FF08F7E9F55D98413C724ECFAB5371BC8FC73B1A3BE83FD073826FDB24104EB1B65EC588AE9350E45EB3B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1508320
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.5008958859073855
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r
                                                                                                                                                                                                                                                                                        MD5:CB72BEF6CE55AA7C9E3A09BD105DCA33
                                                                                                                                                                                                                                                                                        SHA1:D48336E1C8215CCF71A758F2FF7E5913342EA229
                                                                                                                                                                                                                                                                                        SHA-256:47FFDBD85438891B7963408EA26151BA26AE1B303BBDAB3A55F0F11056085893
                                                                                                                                                                                                                                                                                        SHA-512:C89EEBCF43196F8660EEE19CA41CC60C2A00D93F4B3BF118FE7A0DECCB3F831CAC0DB04B2F0C5590FA8D388EB1877A3706BA0D58C7A4E38507C6E64CFD6A50A0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2876416
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.709900740965214
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:49152:1eTZNTGSy5FwVA7VYV6vUFpt6MiXiPbff6yfb7BrYE9ynTIgHYZozh:1e3a6j6M70MiXKOIg40
                                                                                                                                                                                                                                                                                        MD5:6223533C300AB4552C933D0317E6AC5D
                                                                                                                                                                                                                                                                                        SHA1:E3A47CC14E09BAFA601B48049D4B69A2A7EB0557
                                                                                                                                                                                                                                                                                        SHA-256:94336FA0E27041E16A30CC44DF45C79A679B07892F5A06B00FF0E69B2B75C7DC
                                                                                                                                                                                                                                                                                        SHA-512:921411DC827FBE29C18B5BAEF2B2F1987805F70A68960F8A4CFA0D4E5D2E0E6CD91282D0961452C9035A731633A0AA2380B7D3FF5CD4F0C46A35E93825AF51F1
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):10717392
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.282534560973548
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:196608:hpgPBhORiuQwCliXUxbblHa93Whli6Z86WOH:n8wkDliXUxbblHa93Whli6Z8I
                                                                                                                                                                                                                                                                                        MD5:E0F1AD85C0933ECCE2E003A2C59AE726
                                                                                                                                                                                                                                                                                        SHA1:A8539FC5A233558EDFA264A34F7AF6187C3F0D4F
                                                                                                                                                                                                                                                                                        SHA-256:F5170AA2B388D23BEBF98784DD488A9BCB741470384A6A9A8D7A2638D768DEFB
                                                                                                                                                                                                                                                                                        SHA-512:714ED5AE44DFA4812081B8DE42401197C235A4FA05206597F4C7B4170DD37E8360CC75D176399B735C9AEC200F5B7D5C81C07B9AB58CBCA8DC08861C6814FB28
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):478208
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.347615495434683
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:O8vfPFlvIomFGAlhralH6ofMNvF/r467Us6:O+1lvDMGAlhrAS1r4HX
                                                                                                                                                                                                                                                                                        MD5:6B974DA2331647B01E32E438481B1168
                                                                                                                                                                                                                                                                                        SHA1:44342DE39334B6BDACE4E41574A12D12B1FCEEFB
                                                                                                                                                                                                                                                                                        SHA-256:0BF8B76DA4EE066028F6DD29D6187D66029DD42256C9FFFCA376C397F1FE6224
                                                                                                                                                                                                                                                                                        SHA-512:76FF196F0E410B2496D98E803DE26A33456224A645A9E8B306428CBBE7775379FBFA2D6141D7D9F7A3B92E81B279C442B6AAF91890A2A92A38219CB8B6384870
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):7628288
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.4818122553892525
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:98304:ROgcDZUZuebM3uTiJAELjFC6YC2qyJFCoGkAp8UDw3XdCH:TXbMTyELjT2T9Xd0
                                                                                                                                                                                                                                                                                        MD5:F60247C298B280124A8D7705153B82C9
                                                                                                                                                                                                                                                                                        SHA1:4887CD33F66B8237CC427F5C5286AB5E8CDA6583
                                                                                                                                                                                                                                                                                        SHA-256:3E1084D0904D02D80FFD1039D0F6F9AF83771950A48D082AF438A4F018817838
                                                                                                                                                                                                                                                                                        SHA-512:0B40B6D06E01C46381169DFBB9154CCFFD9A9FB3F14D6C3EF9CCD2CAD9F1993AE8667630044BB57D3D837E405933233FBA8C2A6F8714C1FCB11FA14668DC04EC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5490791
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.995643167540278
                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                        SSDEEP:98304:jWl9sXMTWPVcz+cd312MEqUdgpEGh1SK/P3UyoMLX5urwrAs9svQAqBDjhEfz3hr:jWTsXMydB831EqXhMK/P6kX5ukr1AYDS
                                                                                                                                                                                                                                                                                        MD5:1F8CC7B280B1BA74E784B2FF7CF74F95
                                                                                                                                                                                                                                                                                        SHA1:602CF5248E8C47D803480B1BF21A674E4D22D2B9
                                                                                                                                                                                                                                                                                        SHA-256:8B6EFFC81CFB127E62C4D89681DC5764DB013429769D792A25588773C8834697
                                                                                                                                                                                                                                                                                        SHA-512:4F8FE54BC3B80F40745844656895261AF11D96800DD5B472065867F88BFD78AE5D7754709FF566B79E6F75257E2685153E2EFCDAE46D95753A30EE3E48870A49
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):272982
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.234290196619715
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:EfEczYp4bhaz8L97I+sTDqFCDx8MayiOCY7nf4ZAqi:EfNzHbhaM1I1I6813OCQ
                                                                                                                                                                                                                                                                                        MD5:08C765BF4BA4206CC16E99E123F57DFB
                                                                                                                                                                                                                                                                                        SHA1:498D5DD5FE194943E59E63F3135FBA893CA419F7
                                                                                                                                                                                                                                                                                        SHA-256:640A40221B1684C5EA7C4887ADBF64FE281A6DC5F3195002824A9193E7C10BCA
                                                                                                                                                                                                                                                                                        SHA-512:5278DB9E2B04E65CE6EC3FB3B3CD81DC37DC3DBA94E042634A71FAD0AFA8B11691B13F2BFC447FCBCD29D155C9F187CCEA672310FF44DAFC4400FF792B660DC6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):636225
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.200768198034184
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:nmin78TFFswIRyWKeCi79t4LiysPkxuTGmv:nb72FAyWKeCi79mLiys8xGGmv
                                                                                                                                                                                                                                                                                        MD5:0FFBF3A05A1B056924081B7788FECF4B
                                                                                                                                                                                                                                                                                        SHA1:E29FC98F8FAE7BA7128F1E2C0F21F4FBA39026BC
                                                                                                                                                                                                                                                                                        SHA-256:4B259A5932453F5828CAC0BAD68B8639AC63F5078CEC1849711DC933B5A5DBE4
                                                                                                                                                                                                                                                                                        SHA-512:5C0B0D2ECCB87608E8F93F36A68BA3759E83C10E11F38C910ACB53E1003519AC5B9617A946AE0BD9DBDAAE7200FAD292FA71C2BC59622AC3951A68B3BFDA5D8C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5161984
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.3620594803462724
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:49152:i0RrhILSORs1a6fjFDye6GF6tr/sELa0xsEpm+PUdHuogL/1yVmHESrFo7Ta6CJS:LJhI+7OO+YoBksJP2Krhf3
                                                                                                                                                                                                                                                                                        MD5:739872A8FDFD9C979BC88BC40710BA00
                                                                                                                                                                                                                                                                                        SHA1:9A68890AFDDD899B09C084D2D50BBC3894FDDA74
                                                                                                                                                                                                                                                                                        SHA-256:EA3EB4945DC55DFD0022F43E8852290EF37421C68CDDEA02268509F2FB2F33B8
                                                                                                                                                                                                                                                                                        SHA-512:2AF3A229DC3422858927D98289B0FE2423F69C2EB10176A28FD4B5833E61D2B2F69E47C7844681F3127AD0CE1BEF4FE89DF39A1D81831C499339E8CEAFA8AC39
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):106
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                                                                                        MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                                                                                        SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                                                                                        SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                                                                                        SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):948736
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.590960354245508
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24576:OdN5R4voSsQpKFZODRx6Z5WdDYsH26g3P0zAk7uIk:8NZSsQp11x6Z5WdDYsH26g3P0zAk7uR
                                                                                                                                                                                                                                                                                        MD5:1F366A987240BDB065BCCABB6665D45F
                                                                                                                                                                                                                                                                                        SHA1:C1B8E62D6A8D963EDB4A60C662FDDDD86B727448
                                                                                                                                                                                                                                                                                        SHA-256:4B3FCD25A41E5F6677337089A99EE024DA510EAE75DFEFA52B496934A9553880
                                                                                                                                                                                                                                                                                        SHA-512:333F99AC95CF62F0112760C9898A90DBE9EE0930844038B53CB8308F10A5573ED258F3211EEE5FD280210E007BF0A40ACE4D4E1959A1BE728D7FD1D9E46BF8BC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):510
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.363103851085652
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:5jK2cOxQSDq3Og+40MzqY71JIPcD/jPu41q0cx+4ZjcIggC4GMte2cOVSSdSDq3h:5joSDc0Mp/IPU64tBfkC4hFSSdG/g
                                                                                                                                                                                                                                                                                        MD5:EC25926345FE6CD49F5D46C2821749A6
                                                                                                                                                                                                                                                                                        SHA1:67E68C29CA1930758414C81DFE5161EB997E3121
                                                                                                                                                                                                                                                                                        SHA-256:101328D51DF4B0723ADFCDF41FB2E2301E37D4F715E60A6CF9D022931BA16702
                                                                                                                                                                                                                                                                                        SHA-512:32A66BE228A3B19E6F66E1325B19DB2CFBA343C2FBB7531613BABE240960EF26518CA7DF0BC73FCD0B95D236149AD8C5D949E127E50DA6FBFB8CE1A38F107943
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:PK..........$Z................chrome_default_Cookies.txtPK..........$Z".4.............edge_default_Cookies.txt..MK.@......-qg7;.[.a.R..!.......$........(i/3..y.....?zR.]..m...3%.k.iz#...........j.o......|.&.....x..~....\.;... .1..A......I.4h..r9.L$.....i.....eS.......z.68...=Zn.2.T..l........b..~...9.T[.s!.r.%J..*@QH.\J.....|.PK............$Z..............................chrome_default_Cookies.txtPK............$Z".4.......................8...edge_default_Cookies.txtPK..............Z.....
                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                                                                                        File Type:Zip archive data (empty)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):22
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0476747992754052
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:pjt/l:Nt
                                                                                                                                                                                                                                                                                        MD5:76CDB2BAD9582D23C1F6F4D868218D6C
                                                                                                                                                                                                                                                                                        SHA1:B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
                                                                                                                                                                                                                                                                                        SHA-256:8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
                                                                                                                                                                                                                                                                                        SHA-512:5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:PK....................
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):476
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.221133957760594
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:3op0MCJjopYxVFPopYzh1t3pYxTpKopYxsHQKopYzzHbopYz3V5GVkQvfopYzR:BpVXATKsH9HPcv
                                                                                                                                                                                                                                                                                        MD5:D186941C3975135B9B9A6910F08E8609
                                                                                                                                                                                                                                                                                        SHA1:982046A5EE380D041BF692A966524989D770BAAD
                                                                                                                                                                                                                                                                                        SHA-256:2650EAFB6B59E4C515BD47D2DF5DA2B46A70307B7A637A5EA3A436AC1E65FC82
                                                                                                                                                                                                                                                                                        SHA-512:E7FB8F4B1FD4CD0FDAF093451D8F93DD8DB2600C79F1361182BAAAA37F8A3251E58E956F6683A797EF022C6776686017536FB8882A0EA0F0E47B4D358C1BD76B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:ntp.msn.com.FALSE./edge.FALSE.0._C_Auth...msn.com.FALSE./.TRUE.0._C_ETH.1.ntp.msn.com.FALSE./.FALSE.0.sptmarket.en-GB||us|en-us|en-us|en||cf=8|RefA=2F15CAA1C6214379B069A7DC7B60E9D8.RefC=2025-01-04T23:04:56Z..msn.com.FALSE./.TRUE.0.USRLOC...msn.com.FALSE./.TRUE.0.MUID.1BECDD98109D6B3B2623C8F211B46ABE.ntp.msn.com.FALSE./.FALSE.0.MUIDB.1BECDD98109D6B3B2623C8F211B46ABE..msn.com.FALSE./.FALSE.0._EDGE_S.F=1&SID=357E638976726F68165F76E3775C6E39..msn.com.FALSE./.FALSE.0._EDGE_V.1
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1096
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                                                                                        MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                                                                                        SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                                                                                        SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                                                                                        SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):9171467
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.787763754813168
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24576:MZS6w9635kuWSo8RptCNlmfzJ626a6Z6h6myH6Eppl/:MLFNSd
                                                                                                                                                                                                                                                                                        MD5:D4800A73FD4D4F68D55317BF0012F891
                                                                                                                                                                                                                                                                                        SHA1:8106D44142E242717CF0FC062D0D2371563165CA
                                                                                                                                                                                                                                                                                        SHA-256:5A0B1E32CFA292CB49BCB63009EFFC5A5A6A1471EDDDA3B3CD2CAF83591ECA43
                                                                                                                                                                                                                                                                                        SHA-512:54616E34185C52930D20D825130CF14BE0035E632836800F5DF815CB54CE1D4592A42051818C02C317F14EA478060193EB3069FFD86FC1F66C80DFC1F994745E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title">Credits</span>.<a id="print-link" href="#" hidden>Print</a>.<div class="open-sourced">. Chromium software is made available as source code. <a href="https://source.chromium.org/chromium">here</a>..</div>..<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):173936640
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.736875593239721
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1572864:43g4ABgGo8IOghrKu55SywCkfhjkqmgEiWQD8ObMHNEuzOLswR8sg8xboxPHlCY1:/1ROr7Gw3j
                                                                                                                                                                                                                                                                                        MD5:19A61DB800E68F1BCB442D9B2531E6BC
                                                                                                                                                                                                                                                                                        SHA1:8DB886403CCE76625864D0BAA9633FFE7AB1A1B5
                                                                                                                                                                                                                                                                                        SHA-256:9334EDFD32548B49F53584139B06A68500BF46B54BA6B36A2E23FE4E1BAB6027
                                                                                                                                                                                                                                                                                        SHA-512:AF7AAB592541EFAF905DE683B65C99D8FB9A478380FEF503F8EB2DA5A8E65346C52021A7A988CD1AFF7F2BC8AFEDE9CC7A63A92FA9F93E02C4A6C06EB415FA67
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):164116
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.923076106829587
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:HzwJCGIekwQ6HBjO20FAXg6IL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Hzw1IekgBjO2FQpK18Gb0OV8ld0GecQJ
                                                                                                                                                                                                                                                                                        MD5:23713A5587CBC1054B56C45F5EED7CB6
                                                                                                                                                                                                                                                                                        SHA1:12D8CB62CB6E259B29E196DFB74D8432C4B9359D
                                                                                                                                                                                                                                                                                        SHA-256:BEBC30BA7FC60C7B904FBAEA6E635652385408C79E19175DFAC7EB165E950900
                                                                                                                                                                                                                                                                                        SHA-512:9B4DBF5266952421EA99F7B32F36EB35475EAE3194ED00AE5E62D9F423865CA035DE27C9F0EE7C1EE40E0B6C84FB8C947EB912EEFFA2D9C1AC30BE7CE2863C28
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):248194
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.950695016513651
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:PDQYaSN6svydgnWg0GpkQegx5GMRejnbdZnVE6YopSO4:UfSN6svyd6Wg0qI6edhVELoAO4
                                                                                                                                                                                                                                                                                        MD5:F3BA5BD3A7ACF1BA147F7E57C3D21CE8
                                                                                                                                                                                                                                                                                        SHA1:49D432820C0BD9801BA1E497E1C03DB785EA96E3
                                                                                                                                                                                                                                                                                        SHA-256:598738DE159E686C348BD1F0B75C82BB444C2B1BD3A6C9C6027CB960DDDAF63A
                                                                                                                                                                                                                                                                                        SHA-512:256791115B9ABF4E4817B1D18109ED566B444766E2A2C7678069FD3261158E956C0D6344A3D256EAEDED7DBCEB6E75E669E7A7862B6BAED8CE2A31748B206683
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4916712
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.398049523846958
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                                                                                                                                                                                                                                        MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                                                                                                                                                                                        SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                                                                                                                                                                                        SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                                                                                                                                                                                        SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):22052864
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.533287810009358
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:196608:t88wi5NIJpjkPmJU1cbrmgPS9lb0yZV+mzxPBdTpDdK6NLNfD0EfX:m0PIjVb49lb0yZV+mzhBdNDQyL5DHfX
                                                                                                                                                                                                                                                                                        MD5:6FE9B96ABEF9D3CD5BBAB1FDCDD9B041
                                                                                                                                                                                                                                                                                        SHA1:E6E8F72D6B3BB975C8557780F8D3A8B3EA8C53F5
                                                                                                                                                                                                                                                                                        SHA-256:B63145DCB330466A4C3B1516B79FB41E40E21225219A2A12A6764DC9ED749E26
                                                                                                                                                                                                                                                                                        SHA-512:80DE095D50B9DFBEC5F5AC1EB7B177A1E68AF70B432FF08F7E9F55D98413C724ECFAB5371BC8FC73B1A3BE83FD073826FDB24104EB1B65EC588AE9350E45EB3B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1508320
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.5008958859073855
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r
                                                                                                                                                                                                                                                                                        MD5:CB72BEF6CE55AA7C9E3A09BD105DCA33
                                                                                                                                                                                                                                                                                        SHA1:D48336E1C8215CCF71A758F2FF7E5913342EA229
                                                                                                                                                                                                                                                                                        SHA-256:47FFDBD85438891B7963408EA26151BA26AE1B303BBDAB3A55F0F11056085893
                                                                                                                                                                                                                                                                                        SHA-512:C89EEBCF43196F8660EEE19CA41CC60C2A00D93F4B3BF118FE7A0DECCB3F831CAC0DB04B2F0C5590FA8D388EB1877A3706BA0D58C7A4E38507C6E64CFD6A50A0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2876416
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.709900740965214
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:49152:1eTZNTGSy5FwVA7VYV6vUFpt6MiXiPbff6yfb7BrYE9ynTIgHYZozh:1e3a6j6M70MiXKOIg40
                                                                                                                                                                                                                                                                                        MD5:6223533C300AB4552C933D0317E6AC5D
                                                                                                                                                                                                                                                                                        SHA1:E3A47CC14E09BAFA601B48049D4B69A2A7EB0557
                                                                                                                                                                                                                                                                                        SHA-256:94336FA0E27041E16A30CC44DF45C79A679B07892F5A06B00FF0E69B2B75C7DC
                                                                                                                                                                                                                                                                                        SHA-512:921411DC827FBE29C18B5BAEF2B2F1987805F70A68960F8A4CFA0D4E5D2E0E6CD91282D0961452C9035A731633A0AA2380B7D3FF5CD4F0C46A35E93825AF51F1
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):10717392
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.282534560973548
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:196608:hpgPBhORiuQwCliXUxbblHa93Whli6Z86WOH:n8wkDliXUxbblHa93Whli6Z8I
                                                                                                                                                                                                                                                                                        MD5:E0F1AD85C0933ECCE2E003A2C59AE726
                                                                                                                                                                                                                                                                                        SHA1:A8539FC5A233558EDFA264A34F7AF6187C3F0D4F
                                                                                                                                                                                                                                                                                        SHA-256:F5170AA2B388D23BEBF98784DD488A9BCB741470384A6A9A8D7A2638D768DEFB
                                                                                                                                                                                                                                                                                        SHA-512:714ED5AE44DFA4812081B8DE42401197C235A4FA05206597F4C7B4170DD37E8360CC75D176399B735C9AEC200F5B7D5C81C07B9AB58CBCA8DC08861C6814FB28
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):478208
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.347615495434683
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:O8vfPFlvIomFGAlhralH6ofMNvF/r467Us6:O+1lvDMGAlhrAS1r4HX
                                                                                                                                                                                                                                                                                        MD5:6B974DA2331647B01E32E438481B1168
                                                                                                                                                                                                                                                                                        SHA1:44342DE39334B6BDACE4E41574A12D12B1FCEEFB
                                                                                                                                                                                                                                                                                        SHA-256:0BF8B76DA4EE066028F6DD29D6187D66029DD42256C9FFFCA376C397F1FE6224
                                                                                                                                                                                                                                                                                        SHA-512:76FF196F0E410B2496D98E803DE26A33456224A645A9E8B306428CBBE7775379FBFA2D6141D7D9F7A3B92E81B279C442B6AAF91890A2A92A38219CB8B6384870
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):7628288
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.4818122553892525
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:98304:ROgcDZUZuebM3uTiJAELjFC6YC2qyJFCoGkAp8UDw3XdCH:TXbMTyELjT2T9Xd0
                                                                                                                                                                                                                                                                                        MD5:F60247C298B280124A8D7705153B82C9
                                                                                                                                                                                                                                                                                        SHA1:4887CD33F66B8237CC427F5C5286AB5E8CDA6583
                                                                                                                                                                                                                                                                                        SHA-256:3E1084D0904D02D80FFD1039D0F6F9AF83771950A48D082AF438A4F018817838
                                                                                                                                                                                                                                                                                        SHA-512:0B40B6D06E01C46381169DFBB9154CCFFD9A9FB3F14D6C3EF9CCD2CAD9F1993AE8667630044BB57D3D837E405933233FBA8C2A6F8714C1FCB11FA14668DC04EC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):466401
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.410326210149822
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):758214
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.884312015337586
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):829342
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.89844194314202
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):863130
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.656204163251702
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1114114
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.2739336010383
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):525355
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.410102897400805
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):540874
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.8473369091132
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):489104
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.449350926313114
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:xWc3LWQIkHv5azV0qt5cU+1+4kijqwlTwpJwawobR09vcui51PrEEr/d4vTGqVwd:xWAjIkHQy1PjjQJ5Vr6TpM
                                                                                                                                                                                                                                                                                        MD5:A8D0F3BF65BF7DF6CAB590ECD774DBE1
                                                                                                                                                                                                                                                                                        SHA1:D501FDE96A0E0553D2CFBC4D6A7E6E388BE074F3
                                                                                                                                                                                                                                                                                        SHA-256:1B05D5948C9DC4CE160C5006D5DE399BF8B53BF1A077B2ED6C15E24AE2B1B625
                                                                                                                                                                                                                                                                                        SHA-512:3E9CE6CB5760CED785382F61FEA2C70F4A357D86E5695E96DDC28898DED404D2625A4F2250F7B8BB2944CA26258F2F2B11719A52B43749E0B37AD2435AB7A06E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):522864
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.509466969630406
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:ewgd3zVbMMBrQnc13K7UpHap3gXiasnyX4VcX3FwN1a265Jl5/RRNKzMgQIBCna:9gd3zhMmn13K7UpUgSamysjw5ADvBCna
                                                                                                                                                                                                                                                                                        MD5:1EB575FC56B44C50D0E9F77D9E4C175A
                                                                                                                                                                                                                                                                                        SHA1:DA1306F42271324C75013A607C44455AECA1382F
                                                                                                                                                                                                                                                                                        SHA-256:95DBB8E1E637CE37271220B55ACF53B42E4894FED6AECD446AC9954C3DFBDBDA
                                                                                                                                                                                                                                                                                        SHA-512:C27A47E67B5E4D7D37CC7474619F28EA5737C8A7C4944620A9CDCCE7C1B35E9609EF9993415EA600AD5571614C6D76B7C519F79363F8FCD9AC28A561D5C03255
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):946276
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.741751519140143
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24576:jvYcXPdGgx11hxFJc9NGJXDsSYSmqHMuD2fp3Lljr9AVH8+VdQ5tNDQo3FYtf2UY:7YcXPdGgx11hxFJc9NGJXDsSYSmqHNDo
                                                                                                                                                                                                                                                                                        MD5:5A8EACC55425412FE190433423B8D5AC
                                                                                                                                                                                                                                                                                        SHA1:9E232B1A12EE6D28A2BD4D3C11A46DEE509DA4A4
                                                                                                                                                                                                                                                                                        SHA-256:FF22DBB5CF6E1467E66A2D2D3C0168AB4CED57EBEAB074D167EA1FBCA3796876
                                                                                                                                                                                                                                                                                        SHA-512:48EFD0B640D4E174E87492273ECC1BFB252AFCEBC17CEB4D12558DD171D0D2ED8ED9761BE208AA6ADC3F2C3918A00E8BEC429C29108127DEA3AD2FCABD82BB4C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):426075
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.520645088608974
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:8hY8L+2b4eppyfYy+MP9eRT/IfaYjYU8z5lKSpBE0RJhD:8e8C2b4+G+MeT/oo5gSLD
                                                                                                                                                                                                                                                                                        MD5:5C5F2B6AEBAA418B13FD1500DE8E4578
                                                                                                                                                                                                                                                                                        SHA1:B3DB67FFDD67157C467C02ADB24F91F76EC7819D
                                                                                                                                                                                                                                                                                        SHA-256:026D26E66651B31A331ECB10FB2022A5A442CC3A4B726C5BF4CBEF9128D1F9BA
                                                                                                                                                                                                                                                                                        SHA-512:D7980444F0D275E7D9D88DFA6CA87545BFE0F4ED1136AE73F49B6F16C300A8E67949B319A1A46B9AEB3266251D797639F5DE4FD4DB54C3D50F11A54F339FC562
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):429364
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.51194995966022
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:fA5c622l9ZypPPlcMVBRMP9elX9vfaYIyz45XBS+n0F/BO9wH:fyB2OMxNPRM2X9KX5RSw9wH
                                                                                                                                                                                                                                                                                        MD5:E5AA0C6C71E9CB44C190333C8FD42441
                                                                                                                                                                                                                                                                                        SHA1:9114E10C63FAAA7D6D82D7373F0392F9181BF977
                                                                                                                                                                                                                                                                                        SHA-256:9276EDD0593B43F98A436F5ED12AAEB87AAED5D1F4B90103BE47F53A335C6290
                                                                                                                                                                                                                                                                                        SHA-512:F19821F39ABBEA9FA3EDD791CE7D2539C7D8961FA80685CFFEC8B32A5681BE44989D03CE1AEA5F7957583B6EF658DCBF93179F3257292DFEB84D22011F426654
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):517676
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.383521935260842
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:0xXFaEI+ZFu8ecBypMxteXD2BCU6rK9jnp4nsOauGc8p3Yl+lblRcoafUtki95tP:0xVpPm8PB8cs+X5p3YWRr5sLFkGIPWA
                                                                                                                                                                                                                                                                                        MD5:4B6D1B4BA163DE45ED4F78E14366B793
                                                                                                                                                                                                                                                                                        SHA1:CF109E4C6FC9EE8E49D2E8E2BB338614215EF704
                                                                                                                                                                                                                                                                                        SHA-256:3E4296C31B937E982BDCE2C3B3272476EC4781D0F55FB0D2D19AF5A31743ACDC
                                                                                                                                                                                                                                                                                        SHA-512:8773C4AF2D3EE19AB5CD07082F71119A9A4235C99E16F015106F2B170C6FFACA16E1D75C5AFDF112D63B19DD7B67A9086CA1AC9A16D22022FF78A4B9B6C70FDD
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):517433
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.35951861036658
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:WNQEr5y1+gg335gObkpO+EVQ1Z+dj75sIrH6h6T6PZSHu:WLX13RopkQ1Zuj751rahWO
                                                                                                                                                                                                                                                                                        MD5:50B24602E3951E344A39D0657FFF7DCF
                                                                                                                                                                                                                                                                                        SHA1:C0005A557704093AAFE857BF8B0206A886E9926C
                                                                                                                                                                                                                                                                                        SHA-256:F46B966CE013B8119B6AD6F7D80E985A797B99A0C9BDD99A0F608E1B2BB45D3D
                                                                                                                                                                                                                                                                                        SHA-512:692114BBD1B87D8512182F890E0ECB61C9F8E82BFDECB8FDE4829CDD092D163CE452712724AFF4ACA78509958588C8BD3DBAE338CDA26E0A2E1071A068783FAC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):469391
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.458773975575223
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:YvCc+CJ1ONRS8z7+F4mT7FN0gmFohH47S/Y03pi802u5tju43yPZCfLaK7cUPQhx:+CBn3zOpbmFoh1zu5tj6x
                                                                                                                                                                                                                                                                                        MD5:3C5A65DEEE029F6A01D66754BB28FDAA
                                                                                                                                                                                                                                                                                        SHA1:3795EEE0E25519CEB05914E5E5A669683C46CFF4
                                                                                                                                                                                                                                                                                        SHA-256:FC4A20EB39F8B88F9F865312680F6DE86A98E0AF569D29E8B5EDCCF1AD264ED7
                                                                                                                                                                                                                                                                                        SHA-512:5BE2E0DDFED17B8B0AB13B9AE110FB4D18AD70F8FEF36A4C9780775F95EF52504493BFAD35121F7FA4E00D90B3B87A665D9D350B1258A495A263EAF00EED9B31
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):770203
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.02054736628404
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:qVhujo3Os0gl8u313uyqoe+slXcfqEdkRmXzoT4WmdAQifaQ2XxFHGk62Bha6MX1:+2kl8u313uyqoe+seqIkRmXzoT4WmdA3
                                                                                                                                                                                                                                                                                        MD5:160967689AC20006AD11C1B80078FA0C
                                                                                                                                                                                                                                                                                        SHA1:92AE8FBAA7AE795C0210F3F7523D83441ADF0B63
                                                                                                                                                                                                                                                                                        SHA-256:277C77B5CEA438173B7F77173AF8A7F91F40997F9F5795385DF63456E1C43839
                                                                                                                                                                                                                                                                                        SHA-512:2861E0F23BF3C9E7A33345D1C24409819582181EB7377DE5F4A8096F1FBA4655E83B57CDDF51DE6DD26BBA1DE7E885EF7B0CF7DA41843EFAE187FBC18CF5D866
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):479759
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.4233781889660095
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:hragjQ78p19i/b8et6KZ8VreKRtlsbTIOEiTakuLV5fYW2HrEaWacM3OW3MWO4Au:hrjjp19SbRQepaF5fYtHrEaWavYjYn
                                                                                                                                                                                                                                                                                        MD5:EB14A220409772C69D9ECF1F8BCA4EA2
                                                                                                                                                                                                                                                                                        SHA1:15EC989CF14C3254625EB108EFA5BE30F384DAF3
                                                                                                                                                                                                                                                                                        SHA-256:6F602DFF371D7F3A48E37A1A4B0F42E54587C987E5E86E240C2302D751E4EF04
                                                                                                                                                                                                                                                                                        SHA-512:EC3B6CB3B1562AB1C27AFEAA4C670F2C7073A49E98E4C0D6F5B6FABE3BA6D44A4F10AD6F726A03885927534983CD9F1B74AD5B204B271C6CE7C941C32BE74441
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):542224
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.19462709663241
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:7qcmO5R/I/jYb0G/JiSH/Zy3DQBIBOS2FCvenG2Z3LRmI5KwmNInARlq8:71mOE/EbYFMlUI5ZmX
                                                                                                                                                                                                                                                                                        MD5:6CBAB97CC8EAE527A372DFB61F30756F
                                                                                                                                                                                                                                                                                        SHA1:DB048884389EBAF98920A148FD86686890649502
                                                                                                                                                                                                                                                                                        SHA-256:F1764423A42662F18ABEA81741CA8ED46BBDACAE89B67E200FAA5735AAA0BECC
                                                                                                                                                                                                                                                                                        SHA-512:0B65D4AE17F92667717ADABE88CE207B39E624D9EE65B8CFAC15408C2D1E9066194642D2FAA81043CCB3D81ABF60A670A90817AE4062F681959D66D558E5955C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):560587
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.384117218365487
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:jHAjFZLisrmDDq6QuaMV5uKzxOt11Z8MYnYJYQgIRyzKN5Qx0JSWdv40wCV7O+FP:jHdfVUD5I0
                                                                                                                                                                                                                                                                                        MD5:16A90C27DACBAF35297913D4E37B54AE
                                                                                                                                                                                                                                                                                        SHA1:5ABDA6B854420AB74B8A67F3FEE433A8EAC7ACAC
                                                                                                                                                                                                                                                                                        SHA-256:0BB5C919F3D2C468630635A92EA9D116B142569A9ECFA714CB9BB642331C373B
                                                                                                                                                                                                                                                                                        SHA-512:1D52FF4427D6D83756EF40FAE521C850DC10DFEC8BE5E74475233780F551851583F5A8733500BFA4FD78D490F682BBF2FE5A3F912C64546B41C92066AFAF8EB8
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1093662
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.314715426394661
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:eRAjU6t90z/VjolkbJ7xarWFDiHIwjAwREJKVMjNiT7llj63rFWlPvpMi5eQWiYE:e6gs90Volk9IWFDoGkCL25ZGhRYHX
                                                                                                                                                                                                                                                                                        MD5:1C395C52CBE8C7693CEA0DBF799C29D6
                                                                                                                                                                                                                                                                                        SHA1:ED8858ADAC7D75D217969F123F596775EF6DB8B1
                                                                                                                                                                                                                                                                                        SHA-256:EA3EC200A66358AA6F7BF269C1D208B5F6FA7901A54567033EAF36F3EBABCD75
                                                                                                                                                                                                                                                                                        SHA-512:53DE04BF1CB56A6076F43F0EC24E4FA90D74E7D6D21A275B0818363082DC70AB2D5A9BECD48A4D8C039D6A82A274E18264595104FBC14EE5181285B981478B00
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):673942
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.634538125329964
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:KILQ/ZKhOxB28oO0hC6r6TkvWqo/5BEajACEXbheQCapGr5QA3o9Rhj5HlmmEsXp:9MfF5ZoP
                                                                                                                                                                                                                                                                                        MD5:9D8FA293198185E31ECD797F0AEFC72A
                                                                                                                                                                                                                                                                                        SHA1:F2F681A154A1FE809CE2796045ED5A26C91FF5ED
                                                                                                                                                                                                                                                                                        SHA-256:741ECFA065540CA34C2FFFE4315E48627A4F13B4A22AF27178131723B7B5747C
                                                                                                                                                                                                                                                                                        SHA-512:11FFCE433DC5D910DC825AEAEA053483E13C361A251CFC64E158FF5501CEDAB5C554F76208B3DFB809EF6B4C9A17F7B5A106D7F1434828C4D5F870B0B260D58B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1144854
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.297985532061122
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:XCyiOkvuKXQ90FiSkINpw4EYcFu3V/BB0ZV1dsuOlRLXW3Jij0TByntDPtDlEpN9:XCyirusYSH1N5s5uhkP
                                                                                                                                                                                                                                                                                        MD5:704D910C6543784347C25120FFEE1B31
                                                                                                                                                                                                                                                                                        SHA1:D0D597551E8AC203ABF52533B4CEB3EC7DF6343C
                                                                                                                                                                                                                                                                                        SHA-256:E1C050657D50D5B515958475DD574C521ED6B77C9664D53C2E9B3F5A44DB66B9
                                                                                                                                                                                                                                                                                        SHA-512:77B7AC1AC54315631DEB4CB561FF2FB933882BDB291E1A830AC11B83D5190C2794432DE7E3244F8BAD76E48E29421DFD7F55F12CA348A434B9DD2A9158947895
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):522373
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.5178071488164155
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:mYfGcgy98apiIkHeCaBV08IcAo+whxr05Yp/ADtOSAqb+HicHI0uPpHrTb4NNR61:2Py9fQ1+nCwPv+xmJ5IN7yRTFc
                                                                                                                                                                                                                                                                                        MD5:DFB7CF0594879F0BC3282E98EAAB54FD
                                                                                                                                                                                                                                                                                        SHA1:91A568038428A59B5561CE97DFC4D88F551F0118
                                                                                                                                                                                                                                                                                        SHA-256:4C08FB60E36D204A5B247746C763956545C4E120C443AC4D232CA708B8EE7DE2
                                                                                                                                                                                                                                                                                        SHA-512:62D0A25A1DB03564AC3D9CED053F73CD6F3ABA2AA029AF344DD8D457BD3739C07955713C2D7F5BC7FAA805DED9D1580585722328FFE546523D7F6933073F98B6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):562442
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.642589382314346
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:mnhoIMdb++wjhydOnOLI3HPs6TBAr7katVIB5HwzFZfpOHYGbQU+zGXevAu59RDr:KrMdbQjh0OQEACB5HwzIfLIAu57d1
                                                                                                                                                                                                                                                                                        MD5:420591BAF2E28C5BC5B010CD21B874C9
                                                                                                                                                                                                                                                                                        SHA1:48EAF27B110AD42360E8DFEF1F0CB39CDAF4C8EF
                                                                                                                                                                                                                                                                                        SHA-256:F7237BDD8785AA7478C2FB364172018231D67698B2BBD444ADD8346060E57CF9
                                                                                                                                                                                                                                                                                        SHA-512:3D0B9662A9D087F9AB8B3FC6AC27FC41D83139BDA264663BD8228C6745D1CA8D8A4DE38628B6D70E5C90917D9C09226A58F88B0BD29C0B5D6C73354447BC02A9
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):463284
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.380814037137659
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:Gk2Cejk5rjTRkZP8a37DsFPgbf+eVnjHFZ6mik4c15gghhwkK5NcSz97IEji4QHo:GkqCjTRYxrDig7VnjHFMm34C5gghBo
                                                                                                                                                                                                                                                                                        MD5:D71A2C619AC8A1D059EB45DB685745E2
                                                                                                                                                                                                                                                                                        SHA1:BC121089DD38C1194065014F8BF0493EA4481C15
                                                                                                                                                                                                                                                                                        SHA-256:A9839829935FBD9EFD214B5EF503006E9BF8A07E39AEF909F6ADD97E7BF7C410
                                                                                                                                                                                                                                                                                        SHA-512:75AA5941A5D1467C569E371E73E77AB6B1C18F29E32A2BE845223DE59A9642E55747B8503CCBD6951832AFDF2863DFD5128F86BE649093EBA34DF37D019E65CB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):510870
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.2925929498896975
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:r1upgax92+zcXeNDYISIqRRRsO1StbdRT9TjexvqiBELqbPpzHi9fLwsQ2nbSZpV:BudIAPZqV8bEEKUwA5x4os
                                                                                                                                                                                                                                                                                        MD5:F37C531FE9C157DD9FD2FBE2490900D7
                                                                                                                                                                                                                                                                                        SHA1:F71D89162FFD90B8BEB9DA57681E2EC0B1E144EC
                                                                                                                                                                                                                                                                                        SHA-256:556233DEB27128298F652D8E1C7571FFAB72EB6E19284D3CE3974872417F1EEA
                                                                                                                                                                                                                                                                                        SHA-512:AF06A952E27962951714E67ECE209812D2FC8602621263D651FC5A69A859C6981CA72998B12B48E123E5CBD12B9366548923F24DCD7DEA8AE36EE561D1B0EBD3
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):622962
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.6977843395057075
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:m+fP3Ve7XZQxvDSrJtnRR16ZLQ21rfb45W2DxVy:mcVFvDW3F6ZLQ21rU5W2+
                                                                                                                                                                                                                                                                                        MD5:234370A14C324BB5A1609C070DF487C7
                                                                                                                                                                                                                                                                                        SHA1:F21372B225CC4B3678602DB9229752998A25C636
                                                                                                                                                                                                                                                                                        SHA-256:C44995B0D0157AE30A1F4A04934A2CA13F7519A073994AFEAC40737D5457B70F
                                                                                                                                                                                                                                                                                        SHA-512:9705FB32D35111FE34E6BEC69E60CD4C20DBFB1F5FFE9CF68051E6392D6A0F01C3A0E893722E7DEBCCE00417BAC66820208578C67DE382EDDC9BE16F45137229
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1252837
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.224937819725348
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:5yqzDopA6GYIQJzMUP3Q7X5EiUqcyE+hTfR:kgC85dUw
                                                                                                                                                                                                                                                                                        MD5:1CE840130606E9F9B911A2DF0CF6B9F5
                                                                                                                                                                                                                                                                                        SHA1:CC00E930D1DF3A678F11E158632089B50A86FD52
                                                                                                                                                                                                                                                                                        SHA-256:CA43C63D9F20C9F36C7576F76162FB500FDD89AE8FF3C30A30413E2585B2F04F
                                                                                                                                                                                                                                                                                        SHA-512:0800F015D0942899814B8B80784EB30ADEE2D0431F30FE61A1DA2A20496F3E1D5C4A16493126C2388F32DBECFDCB3F09670C6878DD12E63E6D9D4124A68BD98B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):527354
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.061901143177582
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:wbSC9yVzNWrPyOjXuq5t8OQ4EVh3T6eCqV5r7fuhs8gtzq7hUomrOeV7O:sSCcB9518Zg7O
                                                                                                                                                                                                                                                                                        MD5:F3E3D2F92C2F001AA5CED06ABF7722A3
                                                                                                                                                                                                                                                                                        SHA1:89324608E6269D7D22C96CB8CDB52C0F32BD2ADB
                                                                                                                                                                                                                                                                                        SHA-256:9DB0DBB2CBBAEC15076A69B4F6FCB6236198175E9A687B6FEBC685CF071DBDC1
                                                                                                                                                                                                                                                                                        SHA-512:86322C1810414C10FC98C70D8EB441AF5E90E76FA6C593A79D8E7DDF440DBA7438D801EF05A3F75B2B4B23FFD3E7C4AF8BAA925645970D684466CF86DAEA43C6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):566503
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.631780762978957
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:B8dGrGvARoMAAxqsI9ffdV5dzkArWCrn6SNU:+GrGvRMAtXV5uA6CrQ
                                                                                                                                                                                                                                                                                        MD5:1326B58298586AA382E0073B80E8F446
                                                                                                                                                                                                                                                                                        SHA1:B299DEB1AF39DFEBDA86B8400B0B6A2EA734BEEF
                                                                                                                                                                                                                                                                                        SHA-256:58C9495A5770BF93DEEF4675BDF49B3F7D0387640B74F74DC12948B372DF1485
                                                                                                                                                                                                                                                                                        SHA-512:5EFFA9704F5FAB2C6646D8C45CC0368EA50C25357E4779AD0475FBD6DA57F954759F21D4AC88B400A32AAE5B7BAC5F6C40DB5A3EF64462C5BE203654101B922C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:data
Category:dropped
Size (bytes):564832
Entropy (8bit):5.629384536813544
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:data
Category:dropped
Size (bytes):1303783
Entropy (8bit):4.259258799432565
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:data
Category:dropped
Size (bytes):1071400
Entropy (8bit):4.289671062112699
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:data
Category:dropped
Size (bytes):485734
Entropy (8bit):5.249037126713901
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:data
Category:dropped
Size (bytes):472861
Entropy (8bit):5.422132914928992
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:data
Category:dropped
Size (bytes):486574
Entropy (8bit):5.367625607759673
Encrypted:false
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):544675
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.762969917801703
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:JsdWWoOB/Q4U/FmfQfXU6HAEb9EP3CUd1e3mmUQEmw1Qhi7f57Nt4HtIJ:Ul+501Qh85GA
                                                                                                                                                                                                                                                                                        MD5:632F29DD0CA81C5521DB39C7AB387C68
                                                                                                                                                                                                                                                                                        SHA1:C7E5E050538DA5B13E40EF9485295E6F46EA75E8
                                                                                                                                                                                                                                                                                        SHA-256:1C069CDC64009D8CCB599852F313873A391C8AFA0B980C5B49FCB88579203483
                                                                                                                                                                                                                                                                                        SHA-512:19CCDCC24A76929687B291AB4C84D18DB3128A94B51998D2120F8C28F20A9CE79FDA3258E1535DFD05F7D2FC95814F38EDD50F1238A4A9916AC738AA95FC4D39
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):512253
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.428330309782951
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:eI4167pCxaNBXBLEI2Agyq/5ZKJundRsRhkITp:R3OF5MJasRKIl
                                                                                                                                                                                                                                                                                        MD5:D0501E36DFE12C33987D9EB2C098E915
                                                                                                                                                                                                                                                                                        SHA1:FDAA94DA2C93872FDD89BE5712488BE994B5D098
                                                                                                                                                                                                                                                                                        SHA-256:499767591B7D9C58BAFCAFA9B46656348B2617E6EE01AD8B88D98FC225CF5EC3
                                                                                                                                                                                                                                                                                        SHA-512:E7A5ECB7F321871F3773BE8C5D0137B4B1D7093A39DEFD8159294C93829F465A6569270756721B4AABE8F5210C3B4DC901D80FAA5F7BE4E32E2A9073F7E1E4DE
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):513655
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.4055133054538755
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:TpHnAjb8Exv8fieJVJJxhaq4kR5fVCO5+KjHSROi:TJ68YbO5+KzSRR
                                                                                                                                                                                                                                                                                        MD5:A4EEFC130C14CA510DB54D1EEF0DEE0D
                                                                                                                                                                                                                                                                                        SHA1:8F8B9013CE3377D9734EBB2F91D02BA0E990013A
                                                                                                                                                                                                                                                                                        SHA-256:8CA2AE8E4C30A46DACD4DAA4D7EAE85CED7A9AD7F06595CC53057486777F448F
                                                                                                                                                                                                                                                                                        SHA-512:8EEEE12F629FC2CC17969DE55C55DA379D766FFBC9AF448564E6D84278CC2D6D657E5C51BA3968197FE89C6A79DB54B701C809F4F8F2C0D206F7F62F458F8B11
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):532676
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.4567665513725006
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:cyh5TqQw2jXBAjTCeVoo2xIIXPK8XGp5WjoCRs2f/dTO3:5LGYjXBAS4ooIIEi8U5Qow/Y3
                                                                                                                                                                                                                                                                                        MD5:D50B85A8AC999AABAE4B1B6CC17D74C3
                                                                                                                                                                                                                                                                                        SHA1:BE68A7F32BDBBDF000D1A24B2773F65A7EEE248B
                                                                                                                                                                                                                                                                                        SHA-256:1E2D17CF43D74B01FBF018C29B121A6A6C3E39E251B2C6892EF64192C9B2E293
                                                                                                                                                                                                                                                                                        SHA-512:71ACD5F8D82989CB5F4EEA7D06E03B65BE50E124F6D09AC13AFEDAF70E78BB9949E50E2A229FD99C245F7BEA745D0F50AFE39AFFE89BDD9A9996AD5B51F39DC5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):872192
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.828791027749602
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:qA9LfQjRo4YS7yMh/K6NzJ9fx+aAVamqSGsN0zqcnYH8eXN2hPO3j/7rbzvMws1O:pQ0/5x6EH
                                                                                                                                                                                                                                                                                        MD5:AA90E5F8F80EF5D1C4D723800D1E7CCA
                                                                                                                                                                                                                                                                                        SHA1:8D2D0A914EECDCCDBFF50164849B55199350A007
                                                                                                                                                                                                                                                                                        SHA-256:27F2CF880EA7F21467D9796D835E979DACAD678C307C97E7F95CB0A4484E6D49
                                                                                                                                                                                                                                                                                        SHA-512:38812CAF426C212FAF8E337F5D68179F7B4E8EC1D85137E53156F6FB88AF888D8405CC3373F70B835661BFF06456F5C1611C16EAF51B1F0783A7EF6CF29E818C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):549690
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.815977918082208
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:r0Jd2/qsGkIDVHyHih+BD5ilcLpTlXLPxt9D:r0S/qsgHyND5/LPltZ
                                                                                                                                                                                                                                                                                        MD5:61214CDBA9615EFD99D2FFB40C32EDE5
                                                                                                                                                                                                                                                                                        SHA1:37BE7B775B3A69CC17E5D62FF2DC8C97C0F0A856
                                                                                                                                                                                                                                                                                        SHA-256:ED41BDE2844987F331D411C395B9ABB1581649C1859A2E2966A396528DE22D83
                                                                                                                                                                                                                                                                                        SHA-512:6915E25C7DB5E380AE135E668C951B0EE0EC615537959269C4890C9625D0C3740E9687296F1BAACB84D5B15B71198FE4A8CDCDB67109E3BC03F42DBB432E2CAA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):528009
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.4869908228721656
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:FOMiordCmo8B2XKjcLn5W+cqJHjgMi/fztCqc:4+dCmoRVLn5W+cwi/fzt4
                                                                                                                                                                                                                                                                                        MD5:3F3D2C34DCE213CEE8AE4BDDDD371833
                                                                                                                                                                                                                                                                                        SHA1:2ACFB5A6FB973797557ED1A3D805F09C3DE7CCF9
                                                                                                                                                                                                                                                                                        SHA-256:86EFDB2664DC2E81D4592E1EB704417B10C5AAF024A9A9B67F232905BEAB71AA
                                                                                                                                                                                                                                                                                        SHA-512:590F915E97BACBAB751B62803A9FC4B76538F7921904BE92B739F2A0C65A9E93EE251B90595D266EB63192D109755C15F32640D4A2DA408BDB806D188AA450B4
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):813242
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.758280876924063
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:2qPqgnuA7xy2LYheWId1OShdEmd0NRaIA1ID5H1KxaxK8/8W37Zje7M/k/C:NqgnOSJmD5Qxlm
                                                                                                                                                                                                                                                                                        MD5:05AD63AE6D15872B08AF36907D586EB2
                                                                                                                                                                                                                                                                                        SHA1:210D346D5DA415302D4078CB699724734C4908EB
                                                                                                                                                                                                                                                                                        SHA-256:41C0932BC02A11EB1CCF57A35DD5558D73FFBCC03A3EEA81B232CD8FAE02B088
                                                                                                                                                                                                                                                                                        SHA-512:2BAFBDE3B7CB3538150E24FEF5F23A142D4E12BD48ECF5FFE42B206228A49490184E5F445ED997703A08D7081AFDF0237EB4110502A85600E244F8FECDED5B49
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):474709
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.542914789734541
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:EGEq+hrEcj811O/Iafn/lAFKxbc+y9n4RFcnqS83G6iMZSOwDE/xWcqVJ5xJu5Dx:EhqarvCCIaCFFf5u5Dx3
                                                                                                                                                                                                                                                                                        MD5:5AA877385055970F5288E6CE8A36B832
                                                                                                                                                                                                                                                                                        SHA1:D29B20C0185DECA614EAFB850442D8634396842C
                                                                                                                                                                                                                                                                                        SHA-256:9335FEF50F8D3CD3E9A5B91035604489791CA4EDB360C74904AFD4B633176AF9
                                                                                                                                                                                                                                                                                        SHA-512:D4AB22E818466962D668FADD2B765FF8D293829F8E89C23DEB5C6D4FD73C2ECA026B61C1EEB983BF64E5633DE59E58A5EFFF60965B437018AFBA6C033C95A0CA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):499965
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.341522998917434
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:qts9qp0IiAcoW5ruCERdSUrbQBDFY9DDJ8cZgL650Xb9uGO6IKPe/Br2tfU:qFx5s0
                                                                                                                                                                                                                                                                                        MD5:F86F632B6792648370CEBA1CD64B5FAB
                                                                                                                                                                                                                                                                                        SHA1:670A040211C7CCFBF41C1727EC0FDECDB5103F4D
                                                                                                                                                                                                                                                                                        SHA-256:A6C65F289F1D2B07131E4831B9B2E3BDD6852F14EFF6072B1177DC4729EFD6A6
                                                                                                                                                                                                                                                                                        SHA-512:F707F7EEC312AA0E25F32794A1FEF697BCC91D017503EFC99AF30B0C3F62278278B5A1C24CE6E8843E3DFF74BB7FF134901E532CA797F8876D0EA413E378C2DB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1291590
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.0384406219936135
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:rUqBD/q2rgwkIdizhqK5Wz1tR1cA25tm1vYpiMye:wqBD/RrgFIEsK5WzPcA25tm1vYpiMye
                                                                                                                                                                                                                                                                                        MD5:C40746A823E8898BF12837EE18DD928F
                                                                                                                                                                                                                                                                                        SHA1:2ABE8E39221B2C0E5E2029FA074E66C42BCA6A0D
                                                                                                                                                                                                                                                                                        SHA-256:4CDA9C2DFDC9D6A9ECAB3862AC3D54E2236C2EF1C6B3267224EC5AB3C023588C
                                                                                                                                                                                                                                                                                        SHA-512:DAF2323C8CDECDCECFC59378DA32B5581AACF59B20600D15C71A965D28D51EA687B8DE84B6910378FC8B70FA567DF737848E49E27D413CC0F26E8873C104D90C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1194507
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.29113513748681
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:B8io6u0or7McKNnCXWtFDd49+6gb0tQWp5Bi3p1FwPOiTlC2pCgmNFqPZrO0oXAf:qLWbo5TM0b
                                                                                                                                                                                                                                                                                        MD5:D81A2BA2AC41B03B745C9E92CA10A1D2
                                                                                                                                                                                                                                                                                        SHA1:8A25ADEFC1879CD49CCF794291A1A8048B8EE8D0
                                                                                                                                                                                                                                                                                        SHA-256:B1D4208C5B2A2B6C754E5BD9EDB6A1692F738C77055544759E91D37971242247
                                                                                                                                                                                                                                                                                        SHA-512:CE0A72BF75FCA0DED1C48ACAB282BEFE7D8F239715D9FB015F699486F8CB40489B20FDF09741DB6D432B3DE29DC1BD50D1174F31DE74CE243DCE861E31830621
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:data
Category:dropped
Size (bytes):1005091
Entropy (8bit):4.332850629438999
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:data
Category:dropped
Size (bytes):510584
Entropy (8bit):5.613516940837071
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:data
Category:dropped
Size (bytes):872242
Entropy (8bit):4.86201616050437
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:data
Category:dropped
Size (bytes):763414
Entropy (8bit):5.133905236966471
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:data
Category:dropped
Size (bytes):604151
Entropy (8bit):5.792840024784761
Encrypted:false
Malicious:false
Reputation:unknown
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:data
Category:dropped
Size (bytes):436973
Entropy (8bit):6.662672185740202
Encrypted:false
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):432313
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.674047317815154
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:AQhSUfzdt+9kWt3lJDCEW2PurgehW25AYIzn7f+0y0j7zydTl:As2mWtaRgehW25AYIzjim7Q
                                                                                                                                                                                                                                                                                        MD5:197D67966B364D93432D0BAE9EC4A38E
                                                                                                                                                                                                                                                                                        SHA1:81C56F5C6746ABF6704B086DD43693ED0233B2CA
                                                                                                                                                                                                                                                                                        SHA-256:7684A1001DBA5ACB07B13C530CD76A33DEAE9AA22BA56203756894423131947E
                                                                                                                                                                                                                                                                                        SHA-512:A366092631E5CD9E2E8EAE60485C526C7227DEC3207C2B64A64CC065339E46FEA79DED6F0341EBAD346BE58136B460309BEF2CB54A13405BB88BA7509243D61E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5490791
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.995643167540278
                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                        SSDEEP:98304:jWl9sXMTWPVcz+cd312MEqUdgpEGh1SK/P3UyoMLX5urwrAs9svQAqBDjhEfz3hr:jWTsXMydB831EqXhMK/P6kX5ukr1AYDS
                                                                                                                                                                                                                                                                                        MD5:1F8CC7B280B1BA74E784B2FF7CF74F95
                                                                                                                                                                                                                                                                                        SHA1:602CF5248E8C47D803480B1BF21A674E4D22D2B9
                                                                                                                                                                                                                                                                                        SHA-256:8B6EFFC81CFB127E62C4D89681DC5764DB013429769D792A25588773C8834697
                                                                                                                                                                                                                                                                                        SHA-512:4F8FE54BC3B80F40745844656895261AF11D96800DD5B472065867F88BFD78AE5D7754709FF566B79E6F75257E2685153E2EFCDAE46D95753A30EE3E48870A49
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):9089483
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.76822087975522
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:49152:3G0pqzZbz5CZvqzNbZHqzykWenzLPZ6mzIwCJryOekxq7D3MpFUnBhXr2vR+/NI2:+RUqQ
                                                                                                                                                                                                                                                                                        MD5:AAC5D4FA92A9488D3A5C8B84EAC88D0D
                                                                                                                                                                                                                                                                                        SHA1:A5BE44FAF880D2681EE65D3E2B14BA7559724464
                                                                                                                                                                                                                                                                                        SHA-256:0C79287AD37A550B786EF5752EAF36963DA07F210A998BC37D59DDF0703D34C5
                                                                                                                                                                                                                                                                                        SHA-512:DE5A111E9B4C9DEAFB08DD6ED2863C3468BF868F1EC92F466BE6EC8EA417C33F293899E71B7FC924D4887E239E387883167271BBB71644273362B8F191762256
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.....K...K...K..{"files":{"node_modules":{"files":{"@gar":{"files":{"promisify":{"files":{"LICENSE.md":{"size":1094,"offset":"0","integrity":{"algorithm":"SHA256","hash":"ef7d10c21fe01e47a90973abda734e9be75162e5f561a84e95c5dcb9adbb89ea","blockSize":4194304,"blocks":["ef7d10c21fe01e47a90973abda734e9be75162e5f561a84e95c5dcb9adbb89ea"]}},"index.js":{"size":967,"offset":"1094","integrity":{"algorithm":"SHA256","hash":"a4fe100eb176ab95328881fe9490ac91e72d3d2992ac7fb2b9562d264156a8a3","blockSize":4194304,"blocks":["a4fe100eb176ab95328881fe9490ac91e72d3d2992ac7fb2b9562d264156a8a3"]}},"package.json":{"size":440,"offset":"2061","integrity":{"algorithm":"SHA256","hash":"8012d0cdd159557951b1cb6e25177feb5e6f01d007f09adacf897335db41be99","blockSize":4194304,"blocks":["8012d0cdd159557951b1cb6e25177feb5e6f01d007f09adacf897335db41be99"]}}}}}},"abbrev":{"files":{"LICENSE":{"size":2011,"offset":"2501","integrity":{"algorithm":"SHA256","hash":"9e0d5c7989f7e9f07d7c4b158aceff270f235eb7464ace41c5e7b200834a4
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):102
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.331589587768789
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:BaAyLy7HaaJxvLqMgE8fEbeyvv:jba6boEB
                                                                                                                                                                                                                                                                                        MD5:8BFA0767133CF5A88CB8B59C50F572C8
                                                                                                                                                                                                                                                                                        SHA1:65A2FD7EF93BD79780933E585D9FCE26024801A5
                                                                                                                                                                                                                                                                                        SHA-256:12FA21EEE0C543B12B40854C69351B4380CB40C787086A7FD84AB2FE57EE732F
                                                                                                                                                                                                                                                                                        SHA-512:E37417405CEC0C2504DA45C6411DC5394F55F58FA520B67D7C8FD6F4CC9BC580243F16B393A3A300CFB66F0CD110372C7190F8E5EAE7737D9CC0C9F8AE930B34
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.vscode...prettierrc.yml..benchmarks/...gitattributes...yarnrc..vendor/..yarn-error.log..build..dist..
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1092
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.143012802579419
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:7byOrzJHkH0yw3gt3DQJq1hBE9QHbsUv4fOk4/+8/3oqaFN:73HJMlUE/BGQHbs5JK/3oDFN
                                                                                                                                                                                                                                                                                        MD5:3B61E428C54A07B7248645DFEDB36013
                                                                                                                                                                                                                                                                                        SHA1:0ACE4B8D51EB110CC2DECD48F175EF075EB417AF
                                                                                                                                                                                                                                                                                        SHA-256:371FCC6C09ADA2D6103115F65CBE5E892893086C3ABE837859753150FCFB808E
                                                                                                                                                                                                                                                                                        SHA-512:85FB8BA315F84E660225D3C280CE15B69401847A07DCF083F48EDAFC20A704FFA8D358EA05EA447DA5727BF8E3BFB951FF36A07AC8F2C13C362461727145BA4A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MIT License....Copyright (c) 2017 GitHub Desktop....Permission is hereby granted, free of charge, to any person obtaining a copy..of this software and associated documentation files (the "Software"), to deal..in the Software without restriction, including without limitation the rights..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the Software is..furnished to do so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):358
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.010107582434513
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:JiMVBdDQomfE9FNyQu9ReuAg0cLXcDEZWUxGA/PA+H/dj9FTjmUjM5wuAMvNQKAJ:MMHdM9OyjIcjcgoIbfdjTjzj0vAvbwUp
                                                                                                                                                                                                                                                                                        MD5:39EEA2CCCDE33B9C0258EC07195E917A
                                                                                                                                                                                                                                                                                        SHA1:04B9F033567B2F04A4AA3F6598AE4A22C4C30651
                                                                                                                                                                                                                                                                                        SHA-256:6D61050B076FE4E0FD609F0170F3F0C087738A7E1EA790254DE37249A02DEEBE
                                                                                                                                                                                                                                                                                        SHA-512:51AACAD23A65A77DC8AD3194A0508AEA225828193FDCB03C03B3AB1DA552CAB82451149040BDDBBA4C08B96D941D049D93BE17A669A16B629B5EFE8D84DC180A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project>.. <ProjectOutputs>.. <ProjectOutput>.. <FullPath>C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\registry.node</FullPath>.. </ProjectOutput>.. </ProjectOutputs>.. <ContentFiles />.. <SatelliteDlls />.. <NonRecipeFileRefs />..</Project>
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (1599), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):6838
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.6269428327970608
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:hjB/LJMuEKQOsOaOAIrrcCSK6rVONq9xPjB/LJMuEKQOsOaOAIrrcCSK6rViNq9I:BQ/FNy6yq9xfQ/FNy6eq9SX
                                                                                                                                                                                                                                                                                        MD5:76A074177A008BD6592CC7C0CD27832E
                                                                                                                                                                                                                                                                                        SHA1:B95F52445D29785609953E0CB87F90453DE56F27
                                                                                                                                                                                                                                                                                        SHA-256:DFB9A548636D573AAD5CA15347B7963D4AB78D2430DDAD6247B14EC4A5AE3855
                                                                                                                                                                                                                                                                                        SHA-512:A90658F17922007EC2F7F9F215BF25CB7D99EC915870A49FC3F0D9F8B79FC619E6B50C8D63BF1009FA09C29454790AA02BBC0C732C56506A7B9A61B7D8779620
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:..^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.S.R.C.\.M.A.I.N...C.C...../.c. ./.I.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.O.N.-.G.Y.P.\.2.8...0...0.-.A.L.P.H.A...6.\.I.N.C.L.U.D.E.\.N.O.D.E.". ./.I.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.O.N.-.G.Y.P.\.2.8...0...0.-.A.L.P.H.A...6.\.S.R.C.". ./.I.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.O.N.-.G.Y.P.\.2.8...0...0.-.A.L.P.H.A...6.\.D.E.P.S.\.O.P.E.N.S.S.L.\.C.O.N.F.I.G.". ./.I.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.O.N.-.G.Y.P.\.2.8...0...0.-.A.L.P.H.A...6.\.D.E.P.S.\.O.P.E.N.S.S.L.\.O.P.E.N.S.S.L.\.I.N.C.L.U.D.E.". ./.I.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.O.N.-.G.Y.P.\.2.8...0...0.-.A.L.P.H.A...6.\.D.E.P.S.\.U.V.\.I.N.C.L.U.D.E.". ./.I.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):63754
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.4614895529602623
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:oxhuo+WjS3VX/ZV1FvrDRD/ovgKXFarw44G4d4rDRD/ovgKXFar+:opjWFvrDRDgv1G4d4rDRDgvX
                                                                                                                                                                                                                                                                                        MD5:12B442AFC82726E201B3C3B9DC3EBE0E
                                                                                                                                                                                                                                                                                        SHA1:0F1E5D3FFD84724022F13AB9840E79C304E73887
                                                                                                                                                                                                                                                                                        SHA-256:DAA9FE15DA53F9DE30E56ED6728C85CCE8DE546E05F167911254875201F8405C
                                                                                                                                                                                                                                                                                        SHA-512:74F169BBFAB15E243496378B9AE3AE80EDF6FF14BAFB26439DAF7F1F645E27136E2A96C7921FB5087D529E70925DBFFBB7C34B6EC6A0E874E678C33D3DEA1275
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:..^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.S.R.C.\.M.A.I.N...C.C.....C.:.\.W.I.N.D.O.W.S.\.G.L.O.B.A.L.I.Z.A.T.I.O.N.\.S.O.R.T.I.N.G.\.S.O.R.T.D.E.F.A.U.L.T...N.L.S.....C.:.\.P.R.O.G.R.A.M. .F.I.L.E.S.\.M.I.C.R.O.S.O.F.T. .V.I.S.U.A.L. .S.T.U.D.I.O.\.2.0.2.2.\.P.R.O.F.E.S.S.I.O.N.A.L.\.V.C.\.T.O.O.L.S.\.M.S.V.C.\.1.4...4.2...3.4.4.3.3.\.B.I.N.\.H.O.S.T.X.6.4.\.X.6.4.\.1.0.3.3.\.C.L.U.I...D.L.L.....C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.N.O.D.E._.M.O.D.U.L.E.S.\.N.O.D.E.-.A.D.D.O.N.-.A.P.I.\.N.A.P.I...H.....C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.O.N.-.G.Y.P.\.2.8...0...0.-.A.L.P.H.A...6.\.I.N.C.L.U.D.E.\.N.O.D.E.\.N.O.D.E._.A.P.I...H.....C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):992
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.202206171980942
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:Q+aQsYp0gxuTa8sQsYp0gxuTaY2A2aIdPQsYp0gxuiTYbLwbQsYp0gxuTaY2A2a+:QhsIksIl29JslMbMHsIl29K2
                                                                                                                                                                                                                                                                                        MD5:10B7C35F9848E9C0FF5A072817357272
                                                                                                                                                                                                                                                                                        SHA1:58E7A913CA0A4E0CCA38D19738F6E4AA6F230D17
                                                                                                                                                                                                                                                                                        SHA-256:9E5636F94F62B626ADF3EBD848ECA1C4F0401D0A95E5AE83B1AB6AF08AA51ADF
                                                                                                                                                                                                                                                                                        SHA-512:EFE1055B7BC7F07BC67F8F2838DDFB7B2EC89CEC747D850BB1534E6316AFE8FA45B384F95576840C9B809DF041BCEFED89247D498AB2164C0C88152062AB06FC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:..^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.S.R.C.\.M.A.I.N...C.C.....C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.S.R.C.\.M.A.I.N...O.B.J.....^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.@.E.L.E.C.T.R.O.N.\.N.O.D.E.-.G.Y.P.\.S.R.C.\.W.I.N._.D.E.L.A.Y._.L.O.A.D._.H.O.O.K...C.C.....C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.W.I.N._.D.E.L.A.Y._.L.O.A.D._.H.O.O.K...O.B.J.....
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):491
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.564486549151659
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:oFIcjcgotfIyIcjcgobtIcjcg7SKN3yIcjcgoLPPy:oFI0potgyI0poxI0p7SsyI0poDPy
                                                                                                                                                                                                                                                                                        MD5:2BDFA3B9EAB7B54EA0A339D5BB3B6F46
                                                                                                                                                                                                                                                                                        SHA1:E989A95174BBE00EB4A002C33FE1316748F5DBCF
                                                                                                                                                                                                                                                                                        SHA-256:F5C919B52842015CBCC9D87CFD6612E9CECD754337EA71E85FCB9A3BB19102BA
                                                                                                                                                                                                                                                                                        SHA-512:521B1455DC7B680A6D7DB6310565720AF5E3FE425A07113A67C1105713A92A924AF6200FA1562374E43E388E1A4F362D488E92E4665026CEC98B52784200D4E4
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\src\main.cc;C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\obj\registry\src\main.obj..C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\@electron\node-gyp\src\win_delay_load_hook.cc;C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\obj\registry\win_delay_load_hook.obj..
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (742), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2100
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.493428326279486
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:QhsIl29/csIl29KxsIl2Mwk4dEU9uBNL1LUcTzPMeHOXePEhW14UsIl2MuYZR33Y:I21I2492HmBNL1Lp7jOXA74Q2QZh3dm
                                                                                                                                                                                                                                                                                        MD5:A3C304CFA14B08D0F192845F488A81EC
                                                                                                                                                                                                                                                                                        SHA1:6814F4CB97BBA1C8E9CD0F7C8A8CEF0478216E14
                                                                                                                                                                                                                                                                                        SHA-256:18EF3F80513585753022605D674ED7F014C16DCCC457D2F0062A4ED1825A0BE8
                                                                                                                                                                                                                                                                                        SHA-512:D64D8F6D668B0F6C34BDE2CFF3B010F9239B0F9085117DD323400169459FA9EC48256664694FEF5F6F48DEA53B8C03F96B9932DE149635626C8757A00FC2E2E4
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:..^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.S.R.C.\.M.A.I.N...O.B.J.|.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.W.I.N._.D.E.L.A.Y._.L.O.A.D._.H.O.O.K...O.B.J...../.O.U.T.:.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.R.E.G.I.S.T.R.Y...N.O.D.E.". ./.I.N.C.R.E.M.E.N.T.A.L.:.N.O. ./.N.O.L.O.G.O. .K.E.R.N.E.L.3.2...L.I.B. .U.S.E.R.3.2...L.I.B. .G.D.I.3.2...L.I.B. .W.I.N.S.P.O.O.L...L.I.B. .C.O.M.D.L.G.3.2...L.I.B. .A.D.V.A.P.I.3.2...L.I.B. .S.H.E.L.L.3.2...L.I.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5562
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.456032172188702
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:ICIJJwtAZl9tY1dtPWNpJEV7Rrmgh/xjPK4Q6qjD:DeqW2HmD
                                                                                                                                                                                                                                                                                        MD5:9ED53D6FE25C5A43AFC596A6BBC2BF67
                                                                                                                                                                                                                                                                                        SHA1:C854727A9D83A2C6E9636CC44B6B6C48A7BFF28A
                                                                                                                                                                                                                                                                                        SHA-256:E77E916122DAB0F7F82AF4B05CD8125CE9D18B7186C781F819CA637E13945DEE
                                                                                                                                                                                                                                                                                        SHA-512:03BF83B3150E4ECFF194C99027EE7962D586A8BF6B4F6791DB9EFCDCE90FD7301EFEE24033EBA83F4052FA7EC27C3236B1837980E124E46E53B6B18357E8C932
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:..^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.S.R.C.\.M.A.I.N...O.B.J.|.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.W.I.N._.D.E.L.A.Y._.L.O.A.D._.H.O.O.K...O.B.J.....C.:.\.P.R.O.G.R.A.M. .F.I.L.E.S. .(.X.8.6.).\.W.I.N.D.O.W.S. .K.I.T.S.\.1.0.\.L.I.B.\.1.0...0...2.6.1.0.0...0.\.U.M.\.X.6.4.\.K.E.R.N.E.L.3.2...L.I.B.....C.:.\.P.R.O.G.R.A.M. .F.I.L.E.S. .(.X.8.6.).\.W.I.N.D.O.W.S. .K.I.T.S.\.1.0.\.L.I.B.\.1.0...0...2.6.1.0.0...0.\.U.M.\.X.6.4.\.U.S.E.R.3.2...L.I.B.....C.:.\.P.R.O.G.R.A.M. .F.I.L.E.S. .(.X.8.6.).\.W.I.N.D.O.W.S. .K.I.T.S.\.1.0.\.L.I.B.\.1.0...0...2.6.1.0.0...0.\.U.M.\.X.6.4.\.G.D.I.3.2...L.I.B.....C.:.\.P.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):735
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.084801379447032
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:8/gqgmDngqgNcsycIcjcgoINyIcjcgoIYIcjcgoIbyIcjcgoIc:kgmDng2sycI0poINyI0poIYI0poIbyIN
                                                                                                                                                                                                                                                                                        MD5:2F9B5B9E42F4AE36F85C4114BC9542F9
                                                                                                                                                                                                                                                                                        SHA1:F5F74796F750C42399188228D3A621FB8C63B39C
                                                                                                                                                                                                                                                                                        SHA-256:45F4840E7952CEE5CBC115DFD85C0F883BAB9EC539D1BAA4771E0251E7C6E481
                                                                                                                                                                                                                                                                                        SHA-512:497711FF0230A6D1BD789D7842728677D965E008810D0C88A8839AFB912103F53067054749871658FC44DB551C4239EC6D580A247F7784A67EA44A8FC4E4A33E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:^C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\OBJ\REGISTRY\SRC\MAIN.OBJ|C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\OBJ\REGISTRY\WIN_DELAY_LOAD_HOOK.OBJ..C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\registry.LIB..C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\registry.EXP..C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\registry.IPDB..C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\registry.IOBJ..
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1006
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.165801761884196
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:Q+aQsYp0gxuTaY2A2aIX4QsYp0gxuTaY2A2awwo5QsYp0gxuTaY2AraVCQsYp0gE:QhsIl29/csIl29KgsIl2MhsIl2M3
                                                                                                                                                                                                                                                                                        MD5:690F8A9AE7D3B059C45464FE843AD650
                                                                                                                                                                                                                                                                                        SHA1:9CF0A2596B073FE80B3AF237AD2956B5D375B33C
                                                                                                                                                                                                                                                                                        SHA-256:2EC5F24F888B0A70F4729C6C90965CCEBE2CC04C2665968E6927918BF9D18DD0
                                                                                                                                                                                                                                                                                        SHA-512:872D897A18C4A0C681106087FB838DBA5E970FC922C7288E7E50107C116CAA3E6741202C7DA0C9A7F0C4ADD58BBD62022FA90BBDB3092D960429F7B8B9D5C9D7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
Preview:^C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\OBJ\REGISTRY\SRC\MAIN.OBJ|C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\OBJ\REGISTRY\WIN_DELAY_LOAD_HOOK.OBJ..C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\REGISTRY.NODE..C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\REGISTRY.PD
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):225
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.096873505523068
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:YCv8v8waoAev2WlyRIviIDikfu9ReuAg0cLXcDEZWUxS:JZwzCWly23OkqIcjcgoD
                                                                                                                                                                                                                                                                                        MD5:95743AFE046B44F2A95C03AEAD2722C2
                                                                                                                                                                                                                                                                                        SHA1:0F4E05B34D109F17961D010F5299043D36352D53
                                                                                                                                                                                                                                                                                        SHA-256:107CA1BEAE8C711FAAAB92628F4BD8EBE24480BBC03C4DF0A16A650C6DE4963E
                                                                                                                                                                                                                                                                                        SHA-512:E31F72DA458A55F2558EB7A468575986FD9968E20A46AC6E35193A1C9520056A4E1E9611064D48D7DD60C35410EBCF8BD16642FB8DAEE1EF191378FD6529FE53
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.42.34433:TargetPlatformVersion=10.0.26100.0:..Release|x64|C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\|..
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:Intel amd64 COFF object file, not stripped, 2 sections, symbol offset=0x313, 12 symbols, 1st section name ".edata"
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1066
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.681617752853548
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:xlbJ7OSjOLBHvI0poIt4RZKmI0poB+PE9ZJ7AnFx2xu3g41En6J7O8:nU1AyoIGKfyoYPGEL2xuQ41En6U8
                                                                                                                                                                                                                                                                                        MD5:4BCA1B7D1E8012001FE8E7C5460233CE
                                                                                                                                                                                                                                                                                        SHA1:802A64DE18A53D45918B639BE0EEDF707FD260E5
                                                                                                                                                                                                                                                                                        SHA-256:40021E5890E767D8512C96CD9AE5AED24C001B4FC80AED85618DD7C3FC724023
                                                                                                                                                                                                                                                                                        SHA-512:B842DA1272487CD4A0DC33DE85BDAB7B0BF8FBD817FE0B53194199D8FAA5521CE05CABC997FABEAA76F337AF741687D5DF1187F88D720352290C0516037AA7A7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:d....................edata..............d...............@..@.debug$S............:...............@..B............................................................registry.node.napi_register_module_v1.node_api_module_get_api_version_v1...................... .........$.........(.........0.........,.........4.....................y.......C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\registry.exp.+.<.................*.....Microsoft (R) LINK...=..cwd.C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build.exe.C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.42.34433\bin\HostX64\x64\link.exe....8.....napi_register_module_v1.).8.....node_api_module_get_api_version_v1.@comp.id..........@feat.00...........edata.............debug$S..........szName..<.........rgpv....(.........rgszName0.........rgwOrd..8.........$N00001.J.........$N00002.b..........................................
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:Intel amd64 COFF object file, not stripped, 1002 sections, symbol offset=0x7b495, 3049 symbols, created Sun Dec 22 21:30:23 2024, 1st section name ".drectve"
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):618942
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.129879433537868
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:hhaTTHXKyIHAlqkMlwFzA9lT0+eAbLsgQ08gNe53NSpMdpGh0jm:hqTHXKxwFU0+eAkT2e53NHM
                                                                                                                                                                                                                                                                                        MD5:18F300403A8CCB5620B709D4F75CBEBA
                                                                                                                                                                                                                                                                                        SHA1:FABECE11492ED18C8EFB1A482DD126AA5565C875
                                                                                                                                                                                                                                                                                        SHA-256:03064625E4A0CEBC5F46AA310834C7248935C292055454B245B418E6E5CDE1B8
                                                                                                                                                                                                                                                                                        SHA-512:FA2DDF7EBBFACBD5EE90D2C87A6610689CEA95E37A52E07EFC597E79520A994864C548BA9BBE8830B345939231B2B4E86B2586B9956EF105EA6E26F3B6B8E2F8
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):270688
                                                                                                                                                                                                                                                                                        Entropy (8bit):2.379353143410592
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:0fo02yMw6EPSI/7ePnxc7DsEZlLoSSifr7V9qLDZ0YJ62CLe5xYnfAj7lgB:8o7yAMH7TlLodif19qLDZh6qh+B
                                                                                                                                                                                                                                                                                        MD5:654A914E64AD14F82D59A76991B3E1F6
                                                                                                                                                                                                                                                                                        SHA1:334AEFF6AF9DE8C5501DFD6E1C32471FAB5B1188
                                                                                                                                                                                                                                                                                        SHA-256:4D78883A5965DD47FAA3FBCDA8B4871552C61F62287DEE98C1D7F81D7A9D24A8
                                                                                                                                                                                                                                                                                        SHA-512:1993E53EC6D3E6BDF40EA28CE314FEA58DA97D28CE5232A9E01107BD452893EE9081A1BF6E7D9064FB3E6396CB1B34DE1F4FCAB38DD350D1EE4CE0D2E00C2566
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:current ar archive
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2092
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.723982668011139
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:qga3k9ObFz29tkULSQ/voIKsyAOT2IRIKbCSIKTkedUK/:KU9ObQ9GUlKOtKyKwedj/
                                                                                                                                                                                                                                                                                        MD5:764BFB3BE0E83E7FF4D697AF7F8BF914
                                                                                                                                                                                                                                                                                        SHA1:41E97D0F47EEB69E56712AF50563A6FE834BE8ED
                                                                                                                                                                                                                                                                                        SHA-256:CB69F5A14B8344FB06FBABA0C948D9026AD434CA732A8F52576F0BF4BA052CFF
                                                                                                                                                                                                                                                                                        SHA-512:C380AAA868FE0F4E15F80089B960D60C452F69EFCDFAD9DA6B36A5FB32AD99193F6343F37EAE9A0C4F25A76281BC3F4E81B7B2D2B55F4B1DB01732B9FC3BCA01
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:!<arch>./ -1 0 242 `........n...........4...4........__IMPORT_DESCRIPTOR_registry.__NULL_IMPORT_DESCRIPTOR..registry_NULL_THUNK_DATA.__imp_napi_register_module_v1.napi_register_module_v1.__imp_node_api_module_get_api_version_v1.node_api_module_get_api_version_v1./ -1 0 252 `.....n...........4.........................__IMPORT_DESCRIPTOR_registry.__NULL_IMPORT_DESCRIPTOR.__imp_napi_register_module_v1.__imp_node_api_module_get_api_version_v1.napi_register_module_v1.node_api_module_get_api_version_v1..registry_NULL_THUNK_DATA.registry.node/ -1 0 499 `.d...B................debug$S........C...................@..B.idata$2............................@.0..idata$6............................@. ..............registry.node'.................*....Microsoft (R) LINK..................................................registry.node.@comp.id.............................idata$2@..
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):207360
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.256839530385664
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:lz2uohFlOmA4bnDzWtD3J02kQesHIUN0+dVL/UvL9StqHO/:ljeFlOJUfkelOIUN0+dVyHe
                                                                                                                                                                                                                                                                                        MD5:B363E97D52338FF0FCD16D3FE175A481
                                                                                                                                                                                                                                                                                        SHA1:80632F68D760D7346DEAE0099F13827ED63D672E
                                                                                                                                                                                                                                                                                        SHA-256:E822956E500B5907AC4DB1FC0A5EB860D8979C9566E1C48A5E5FDB3F4435BECF
                                                                                                                                                                                                                                                                                        SHA-512:5727A722693C384D9040DD3E922959E738E881CD82A1A2229A1B8B2B5A588FAE4EA4B310F27BABD9128ABF2584F7CF41A74F065920B10558098DA0C4D6AA628D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............................................................................................@...........Rich....................PE..d.....hg.........." ...*.............}....................................................`.................................................h...<....`.......0..4............p..........p...........................p...@............0......,...@....................text............................... ..`.rdata.......0......."..............@..@.data...............................@....pdata..4....0......................@..@.fptable.....P......................@....rsrc........`....... ..............@..@.reloc.......p......."..............@..B................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (671)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):12650
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.612087719311082
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:fQhbfMEaLctZvfgL7rK2Wj9ZXAllvN1wZwcL7Uj9ZHL7JZj9ZGAllvN1wZwcL7UF:4h9gXu23F14wcXWXJzF14wcXxmj
                                                                                                                                                                                                                                                                                        MD5:AF3F32492193966419D340CC114A6CF2
                                                                                                                                                                                                                                                                                        SHA1:933CA2F3059D52ACC67F7D563AAA2E5AD488400E
                                                                                                                                                                                                                                                                                        SHA-256:EB99EA8733AFA0D9987F134F57AD1422868A2E8B0A39FBE2F03CF8774854BEA3
                                                                                                                                                                                                                                                                                        SHA-512:5498B942F84529ABE4ABB5924D666471258A2DB6CE25B90A839BAD7C30AA0E0DC7BB63CE90C8084168A384A0BBB842FBF8817CF0D1ABD8AE69B87D360FD58267
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">. <ItemGroup Label="ProjectConfigurations">. <ProjectConfiguration Include="Debug|x64">. <Configuration>Debug</Configuration>. <Platform>x64</Platform>. </ProjectConfiguration>. <ProjectConfiguration Include="Release|x64">. <Configuration>Release</Configuration>. <Platform>x64</Platform>. </ProjectConfiguration>. </ItemGroup>. <PropertyGroup Label="Globals">. <ProjectGuid>{AB6C7AE3-D559-EA33-9639-12637490C49E}</ProjectGuid>. <Keyword>Win32Proj</Keyword>. <RootNamespace>registry</RootNamespace>. <IgnoreWarnCompileDuplicatedFilename>true</IgnoreWarnCompileDuplicatedFilename>. <PreferredToolArchitecture>x64</PreferredToolArchitecture>. <WindowsTargetPlatformVersion>10.0.26100.0</WindowsTargetPlatformVersion>. </PropertyGroup>. <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.prop
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3077
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.275276028009429
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:cdKP0fq90EmIbFMsgaywGZ2y7IOEy7CWy7b2ZpPEFy7SNy7YJv:ori90dfFjZ3cMc+TmI2
                                                                                                                                                                                                                                                                                        MD5:BE76B7CCDA1FEB92E7307E23C90451EB
                                                                                                                                                                                                                                                                                        SHA1:B18D4D7E0A3328146B773E8FE990907CDD015634
                                                                                                                                                                                                                                                                                        SHA-256:A173695E18EC24DFAD4C52F714A972028DB7727CAD7192AE658539173C73DC88
                                                                                                                                                                                                                                                                                        SHA-512:488A9435D4521C712E34DB973DD0DF4E65A9A2BADC92412AFD2BED1BE1FC591FF7E73DF8241E17D81CB2EE9F93FEA1A6988CA2774DCD76B252DA3446ADC85A9C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>.<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">. <ItemGroup>. <Filter Include="..">. <UniqueIdentifier>{739DB09A-CC57-A953-A6CF-F64FA08E4FA7}</UniqueIdentifier>. </Filter>. <Filter Include="..\src">. <UniqueIdentifier>{8CDEE807-BC53-E450-C8B8-4DEBB66742D4}</UniqueIdentifier>. </Filter>. <Filter Include="C:">. <UniqueIdentifier>{7B735499-E5DD-1C2B-6C26-70023832A1CF}</UniqueIdentifier>. </Filter>. <Filter Include="C:\Users">. <UniqueIdentifier>{E9F714C1-DA89-54E2-60CF-39FEB20BF756}</UniqueIdentifier>. </Filter>. <Filter Include="C:\Users\Administrator">. <UniqueIdentifier>{89691E1D-2E39-3D29-B33C-136FE588BEC3}</UniqueIdentifier>. </Filter>. <Filter Include="C:\Users\Administrator\Desktop">. <UniqueIdentifier>{B23D6E4D-7634-EF57-62FC-46A6189C0B6E}</UniqueIdentifier>. </Filter>. <Filter Include="C:\Users\Administrator\Desktop\Leet Stealer">.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):658
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.062522256402601
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:KwqesyCHpNroI+KlE7dSDWQ7G0q0gNETNCJSNoV:KwBsyCHpxQKKdSyQZq0geRCYCV
                                                                                                                                                                                                                                                                                        MD5:1B753840717BA9708D4AFBFED7C5ECAE
                                                                                                                                                                                                                                                                                        SHA1:188CAA6D370515112EC3818CF89CE10A04712AE5
                                                                                                                                                                                                                                                                                        SHA-256:F8A6CC69584E07A08A4E72BA1C89BFE791AF854A62D2085F230A95A6E2ED8DA4
                                                                                                                                                                                                                                                                                        SHA-512:264F46934D2F96B2B5F0399E991FEF48EBC8C8D2292F58FCC8D39B4A27734B2A2F667F2E706B851CA8FB3A54027561EF3F305FA357DC6275001257113EFB7C60
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:"use strict";..var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {.. if (k2 === undefined) k2 = k;.. Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });..}) : (function(o, m, k, k2) {.. if (k2 === undefined) k2 = k;.. o[k2] = m[k];..}));..var __exportStar = (this && this.__exportStar) || function(m, exports) {.. for (var p in m) if (p !== "default" && !exports.hasOwnProperty(p)) __createBinding(exports, m, p);..};..Object.defineProperty(exports, "__esModule", { value: true });..__exportStar(require("./registry"), exports);..//# sourceMappingURL=index.js.map
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):128
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.614159942690316
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:YTyLSgx/HKB47sHNFUhh/KWyK6lAEhAWLELVHLecqn4n:YWLSyx7mNOSBKUhzLAHLecqn4
                                                                                                                                                                                                                                                                                        MD5:2DCA8F76E5031B5E3C04A2C49CF3C9DA
                                                                                                                                                                                                                                                                                        SHA1:11DF7F83A921C7ABD996D344E7585ECC9908A9A7
                                                                                                                                                                                                                                                                                        SHA-256:0BBA03610CF289DE9E8B201F7FF8898BF7C36C23D42E1BD67B15C9F6292D935B
                                                                                                                                                                                                                                                                                        SHA-512:39BB28A541F8871A21CA7D152C5EF4F3E03A2DC1B01A14BCE7091DA808B879BC8039C95CBD76ED64351F5C2F0D1F78B5E69194A0FFA0F02E33F58CC0116AB4C6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAA0B"}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5821
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.285204757142173
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:"use strict";..Object.defineProperty(exports, "__esModule", { value: true });..exports.setValueSafe = exports.setValue = exports.createKeySafe = exports.createKey = exports.enumerateKeysSafe = exports.enumerateKeys = exports.enumerateValuesSafe = exports.enumerateValues = exports.HKEY = exports.RegistryValueType = void 0;..const nativeModule = process.platform === 'win32'.. ? require('../../build/Release/registry.node').. : null;../**.. * Utility function used to achieve exhaustive type checks at compile time... *.. * If the type system is bypassed or this method will throw an exception.. * using the second parameter as the message... *.. * @param {x} Placeholder parameter in order to leverage the type.. * system. Pass the variable which has been type narrowed.. * in an exhaustive check... *.. * @param {message} The message to be used in the runtime exception... *.. */..function assertNever(x, message) {.. throw new Error(message);..}../
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3471
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8177180825801895
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../lib/registry.ts"],"names":[],"mappings":";;;AAAA,MAAM,YAAY,GAChB,OAAO,CAAC,QAAQ,KAAK,OAAO;IAC1B,CAAC,CAAC,OAAO,CAAC,mCAAmC,CAAC;IAC9C,CAAC,CAAC,IAAI,CAAA;AAEV;;;;;;;;;;;;GAYG;AACH,SAAS,WAAW,CAAC,CAAQ,EAAE,OAAe;IAC5C,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAA;AAC1B,CAAC;AAED;;;;GAIG;AACH,IAAY,iBAYX;AAZD,WAAY,iBAAiB;IAC3B,8CAAyB,CAAA;IACzB,4CAAuB,CAAA;IACvB,wEAAmD,CAAA;IACnD,kEAA6C,CAAA;IAC7C,oDAA+B,CAAA;IAC/B,0CAAqB,CAAA;IACrB,kDAA6B,CAAA;IAC7B,0CAAqB,CAAA;IACrB,4CAAuB,CAAA;IACvB,wEAAmD,CAAA;IACnD,sCAAiB,CAAA;AACnB,CAAC,EAZW,iBAAiB,GAAjB,yBAAiB,KAAjB,yBAAiB,QAY5B;AAiBD,IAAY,IAWX;AAXD,WAAY,IAAI;IACd,+CAAuC,CAAA;IACvC,mDAA2C,CAAA;IAC3C,uCAA+B,CAAA;IAC/B,6EAAqE,CAAA;IACrE,+CAAuC,CAAA;IACvC,iDAAyC,CAAA;IACzC,uDAA+C,CAAA;IAC/C,uDAA+C,CAAA;IAC/C,6DAAqD,CAAA;IACrD,iCAAyB,CAAA;AAC3B,CAAC,EAXW,IAAI,GAAJ,YAAI,KAAJ,YAAI,QAWf;AAED,SAAS,SAAS,CAAC,GAAS;IAC1B,IAAI,GAAG,KAAK,IAAI,CAAC,iBAAiB;QAAE,OAAO,UAAU,CAAA;IACrD,IAAI,GAAG,KAAK,IAAI,CAAC,i
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):135
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.355689931154668
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict';.module.exports = function () {..return /[\u001b\u009b][[()#;?]*(?:[0-9]{1,4}(?:;[0-9]{0,4})*)?[0-9A-PRZcf-nqry=><]/g;.};.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1119
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.1078795238525405
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:The MIT License (MIT)..Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TO
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):641
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.793320245279793
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "ansi-regex",. "version": "2.1.1",. "description": "Regular expression for matching ANSI escape codes",. "license": "MIT",. "repository": "chalk/ansi-regex",. "author": {. "name": "Sindre Sorhus",. "email": "sindresorhus@gmail.com",. "url": "sindresorhus.com". },. "maintainers": [. "Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)",. "Joshua Appelman <jappelman@xebia.com> (jbnicolai.com)",. "JD Ballard <i.am.qix@gmail.com> (github.com/qix-)". ],. "engines": {. "node": ">=0.10.0". },. "files": [. "index.js". ],. "devDependencies": {. "ava": "0.17.0",. "xo": "0.16.0". }.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):752
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.0549042450081485
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:Copyright (c) 2015, Rebecca Turner <me@re-becca.org>..Permission to use, copy, modify, and/or distribute this software for any.purpose with or without fee is hereby granted, provided that the above.copyright notice and this permission notice appear in all copies...THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES.WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF.MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR.ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES.WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN.ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF.OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE...
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3966
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.013536326867824
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:Bao36Ov5H8KfKcSt+Rc2a9YTi1DJL1+Bh7+4OOrDLe18/O6:BaQKcStA6D2Dy12O6
                                                                                                                                                                                                                                                                                        MD5:021ED2CA21E6B17E6C9CEA7878CEAF4B
                                                                                                                                                                                                                                                                                        SHA1:0FDB9DAC7E82E5156F5D4237175F00313CBB3E44
                                                                                                                                                                                                                                                                                        SHA-256:DF0DBEADDD66465687A5B4C4EC28BDADE1343E416CABEFCE7048565584571A2A
                                                                                                                                                                                                                                                                                        SHA-512:A710B53787CDFA4C2EF92FA8E97B5A5C2ADC4619405A494C635D9B6FC7AAD173F261B44A410301EE67ED2502782872B32CDBC2EAF6477529D354622FDFE8A986
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'..function isArguments (thingy) {. return thingy != null && typeof thingy === 'object' && thingy.hasOwnProperty('callee').}..var types = {. '*': {label: 'any', check: function () { return true }},. A: {label: 'array', check: function (thingy) { return Array.isArray(thingy) || isArguments(thingy) }},. S: {label: 'string', check: function (thingy) { return typeof thingy === 'string' }},. N: {label: 'number', check: function (thingy) { return typeof thingy === 'number' }},. F: {label: 'function', check: function (thingy) { return typeof thingy === 'function' }},. O: {label: 'object', check: function (thingy) { return typeof thingy === 'object' && thingy != null && !types.A.check(thingy) && !types.E.check(thingy) }},. B: {label: 'boolean', check: function (thingy) { return typeof thingy === 'boolean' }},. E: {label: 'error', check: function (thingy) { return thingy instanceof Error }},. Z: {label: 'null', check: function (thingy) { return thingy == null }}.}..function
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):534
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.709787541773083
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:qz11otXopZlV6akrcVHASCZk/GC9bmPdnSSbb:s11op8femFCvlSS/
                                                                                                                                                                                                                                                                                        MD5:EAD84B03DC8B5204F6A6CE6A8E5FC20C
                                                                                                                                                                                                                                                                                        SHA1:B5AC2CF0A1480CB70777BD89CC6BEE59D8990890
                                                                                                                                                                                                                                                                                        SHA-256:9E10E195D199B1613AF457E188BD8795DC7DE03A8810438BA6ACE69ACDCAB9F4
                                                                                                                                                                                                                                                                                        SHA-512:C11064C142AB2D67ED592AA1D31E590B778B15935CA589EAEAFD9237FC4D01D3FBA226BE463AEBE61A9B32907044D483BF922ACF35D691AFB95223F1174C95E0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "aproba",. "version": "1.2.0",. "description": "A ridiculously light-weight argument validator (now browser friendly)",. "main": "index.js",. "directories": {. "test": "test". },. "dependencies": {},. "devDependencies": {. "standard": "^10.0.3",. "tap": "^10.0.2". },. "files": [. "index.js". ],. "repository": {. "type": "git",. "url": "https://github.com/iarna/aproba". },. "author": "Rebecca Turner <me@re-becca.org>",. "license": "ISC",. "homepage": "https://github.com/iarna/aproba".}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1324
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.876489003158665
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:WK/h3aVnoIIirXQvywVo3qmux4WNbyKjfWYzTEyOGCq6HO:WUKVnoIIibQ6wrz2KDsyrQu
                                                                                                                                                                                                                                                                                        MD5:32B0438CC0EC8F717B40DC465B168DB1
                                                                                                                                                                                                                                                                                        SHA1:BA86BF24ADD4F59F50F0C322F8744B37B370BA21
                                                                                                                                                                                                                                                                                        SHA-256:2B994F448BC58933B4905AD38537F354B09CC1CBBF4D168C5F4C2E43E948189F
                                                                                                                                                                                                                                                                                        SHA-512:A0B4E6ADBEDBF797B58DB9678ECF1AF883E92F83338BF90400658C48C0319BAE435E5C4565C9901C9875C4CFA22A476321FD9EE25573C63108C5CDA497385374
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:Hi, figured we could actually use a changelog now:..## 1.1.5 2018-05-24..* [#92](https://github.com/iarna/are-we-there-yet/pull/92) Fix bug where. `finish` would throw errors when including `TrackerStream` objects in. `TrackerGroup` collections. (@brianloveswords)..## 1.1.4 2017-04-21..* Fix typo in package.json..## 1.1.3 2017-04-21..* Improve documentation and limit files included in the distribution...## 1.1.2 2016-03-15..* Add tracker group cycle detection and tests for it..## 1.1.1 2016-01-29..* Fix a typo in stream completion tracker..## 1.1.0 2016-01-29..* Rewrote completion percent computation to be low impact..no more walking a. tree of completion groups every time we need this info. Previously, with. medium sized tree of completion groups, even a relatively modest number of. calls to the top level `completed()` method would result in absurd numbers. of calls overall as it walked down the tree. We now, instead, keep track as. we bubble up changes, so the computation
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (485)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):733
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.964396492723911
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:8ICS4dCPXcbbmmgmq6KX9KsA83Xs1HUXA3+dPRz2AvPNT3khy2CgK2PF3ew:8CICckmq6s9i4gAc2PRZAQwF3ew
                                                                                                                                                                                                                                                                                        MD5:039A23DA29F56411E6D75D7B7BC9DE13
                                                                                                                                                                                                                                                                                        SHA1:13B22B5C5F89EDC3F31E092B7298CD65687E7250
                                                                                                                                                                                                                                                                                        SHA-256:FF75AAA5AAF56005EEEA7723B287F9DF3DD45B33B310A7EB347D3AB28EA26593
                                                                                                                                                                                                                                                                                        SHA-512:F81B02B55F89D2C03CF2CBB01042E3F10047CD62933FF7C966A9E05090042E0E8F24495346853909486941750E3C00D09C54760E1D43F54F8F99B0BEBDDD937F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:Copyright (c) 2015, Rebecca Turner..Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies...THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE..
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):163
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.360207212169072
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:agWA4iiE+XiXhFYtAUxoauMYXMRiE+XgjxWPXMRiE+X2RQEvXxpx8GhSCu:QHiiE+yXhgFRuPMRiE+QFWPMRiE+mRQR
                                                                                                                                                                                                                                                                                        MD5:A9C06E81DA780A0568FA5A53E8D7E4FE
                                                                                                                                                                                                                                                                                        SHA1:D154805F279E1F7708732426E960AB7990FFFBE2
                                                                                                                                                                                                                                                                                        SHA-256:7A427679A9B245F02D66BB09AEAA5337BDFF29375D05F3F34E7133B61001BB69
                                                                                                                                                                                                                                                                                        SHA-512:79C8F738B2397A79F192EA55E6145A4333C3B555C230D32840A06CA9DACCC5B75F547AE56DCC28561F2D6AEA9C033C24CAB385E344D8697234654B6FD909BA2C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.exports.TrackerGroup = require('./tracker-group.js').exports.Tracker = require('./tracker.js').exports.TrackerStream = require('./tracker-stream.js').
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):694
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.7286595537570815
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:Gt14WX14AG46a2bmPx91EJbwMEMnbtkER6k/GaoeS:Gt14WlDGa/OJEMX3ROeS
                                                                                                                                                                                                                                                                                        MD5:BA61E7E78DB4BB4B28BCA0C80518F397
                                                                                                                                                                                                                                                                                        SHA1:F86708B2BCBE5651707931437797911079E7A196
                                                                                                                                                                                                                                                                                        SHA-256:B3F4117452D17E539C63F5381CC721377019C1B78275D36472F37FC0E5C00004
                                                                                                                                                                                                                                                                                        SHA-512:A26439437108C7C911A012435F9F6A1BF5145497FAC2EA8E6C082AC6E0D251836F6C21D17544772C6F2FA44256C22834AFF0D2F328CCF752BBC510CB988062FA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "are-we-there-yet",. "version": "1.1.7",. "description": "Keep track of the overall completion of many disparate processes",. "main": "index.js",. "repository": {. "type": "git",. "url": "https://github.com/iarna/are-we-there-yet.git". },. "author": "Rebecca Turner (http://re-becca.org)",. "license": "ISC",. "homepage": "https://github.com/iarna/are-we-there-yet",. "devDependencies": {. "standard": "^11.0.1",. "tap": "^12.0.1". },. "dependencies": {. "delegates": "^1.0.0",. "readable-stream": "^2.0.6". },. "files": [. "index.js",. "tracker-base.js",. "tracker-group.js",. "tracker-stream.js",. "tracker.js",. "CHANGES.md". ].}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):274
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.559004129705898
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var EventEmitter = require('events').EventEmitter.var util = require('util')..var trackerId = 0.var TrackerBase = module.exports = function (name) {. EventEmitter.call(this). this.id = ++trackerId. this.name = name.}.util.inherits(TrackerBase, EventEmitter).
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3231
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.744135922006623
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var util = require('util').var TrackerBase = require('./tracker-base.js').var Tracker = require('./tracker.js').var TrackerStream = require('./tracker-stream.js')..var TrackerGroup = module.exports = function (name) {. TrackerBase.call(this, name). this.parentGroup = null. this.trackers = []. this.completion = {}. this.weight = {}. this.totalWeight = 0. this.finished = false. this.bubbleChange = bubbleChange(this).}.util.inherits(TrackerGroup, TrackerBase)..function bubbleChange (trackerGroup) {. return function (name, completed, tracker) {. trackerGroup.completion[tracker.id] = completed. if (trackerGroup.finished) return. trackerGroup.emit('change', name || trackerGroup.name, trackerGroup.completed(), trackerGroup). }.}..TrackerGroup.prototype.nameInTree = function () {. var names = []. var from = this. while (from) {. names.unshift(from.name). from = from.parentGroup. }. return names.join('/').}..TrackerGroup.prototype.addUnit = function (u
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):963
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.7109500028049505
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var util = require('util').var stream = require('readable-stream').var delegate = require('delegates').var Tracker = require('./tracker.js')..var TrackerStream = module.exports = function (name, size, options) {. stream.Transform.call(this, options). this.tracker = new Tracker(name, size). this.name = name. this.id = this.tracker.id. this.tracker.on('change', delegateChange(this)).}.util.inherits(TrackerStream, stream.Transform)..function delegateChange (trackerStream) {. return function (name, completion, tracker) {. trackerStream.emit('change', name, completion, trackerStream). }.}..TrackerStream.prototype._transform = function (data, encoding, cb) {. this.tracker.completeWork(data.length ? data.length : 1). this.push(data). cb().}..TrackerStream.prototype._flush = function (cb) {. this.tracker.finish(). cb().}..delegate(TrackerStream.prototype, 'tracker'). .method('completed'). .method('addWork'). .method('finish').
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):826
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.774381340594019
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var util = require('util').var TrackerBase = require('./tracker-base.js')..var Tracker = module.exports = function (name, todo) {. TrackerBase.call(this, name). this.workDone = 0. this.workTodo = todo || 0.}.util.inherits(Tracker, TrackerBase)..Tracker.prototype.completed = function () {. return this.workTodo === 0 ? 0 : this.workDone / this.workTodo.}..Tracker.prototype.addWork = function (work) {. this.workTodo += work. this.emit('change', this.name, this.completed(), this).}..Tracker.prototype.completeWork = function (work) {. this.workDone += work. if (this.workDone > this.workTodo) this.workDone = this.workTodo. this.emit('change', this.name, this.completed(), this).}..Tracker.prototype.finish = function () {. this.workTodo = this.workDone = 1. this.emit('change', this.name, 1, this).}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1023
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.916006976461456
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict';.const {PassThrough: PassThroughStream} = require('stream');.const zlib = require('zlib');.const mimicResponse = require('mimic-response');..const decompressResponse = response => {..const contentEncoding = (response.headers['content-encoding'] || '').toLowerCase();...if (!['gzip', 'deflate', 'br'].includes(contentEncoding)) {...return response;..}...const isBrotli = contentEncoding === 'br';..if (isBrotli && typeof zlib.createBrotliDecompress !== 'function') {...return response;..}...const decompress = isBrotli ? zlib.createBrotliDecompress() : zlib.createUnzip();..const stream = new PassThroughStream();...mimicResponse(response, stream);...decompress.on('error', error => {...// Ignore empty response...if (error.code === 'Z_BUF_ERROR') {....stream.end();....return;...}....stream.emit('error', error);..});...response.pipe(decompress).pipe(stream);...return stream;.};..module.exports = decompressResponse;.// TODO: remove this in the next major version.module.exports.default
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (460)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1109
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.0681506929270785
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MIT License..Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)..Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHE
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):618
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.542647033146019
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:GtN1yXc7dABO/kOt74SHtG3wnuPAk/GacG1Gtdg0glCIDXIRT12uRwY:6N1c4CBOnUS0geatLglRIRT19
                                                                                                                                                                                                                                                                                        MD5:679865DA190AC785C98FA8A8F4CE8E2C
                                                                                                                                                                                                                                                                                        SHA1:64AE55BB222ADF7AE12147A82E185B775656A60F
                                                                                                                                                                                                                                                                                        SHA-256:85EF8A08CA7F8BFE3EB2482393A84D9913FEB20BDBD58284493AFC8FF529113B
                                                                                                                                                                                                                                                                                        SHA-512:F520432DC0445071466D2FFE184985A790C6FA2473C07272C998777BAB09F2AB1980686D193F2508FD1B401C588E1CCDE948D9D1445CF04E37F34EC5D3BB3E3B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "decompress-response",. "version": "4.2.1",. "description": "Decompress a HTTP response if needed",. "license": "MIT",. "repository": "sindresorhus/decompress-response",. "author": {. "name": "Sindre Sorhus",. "email": "sindresorhus@gmail.com",. "url": "sindresorhus.com". },. "engines": {. "node": ">=8". },. "files": [. "index.js",. "index.d.ts". ],. "dependencies": {. "mimic-response": "^2.0.0". },. "devDependencies": {. "@types/node": "^12.7.1",. "ava": "^2.2.0",. "get-stream": "^5.0.0",. "pify": "^4.0.1",. "tsd": "^0.7.1",. "xo": "^0.24.0". }.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):11357
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4265944416265475
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:fU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEjz7HbHR:M9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                                                                                                                        MD5:E3FC50A88D0A364313DF4B21EF20C29E
                                                                                                                                                                                                                                                                                        SHA1:92170CDC034B2FF819323FF670D3B7266C8BFFCD
                                                                                                                                                                                                                                                                                        SHA-256:B40930BBCF80744C86C46A12BC9DA056641D722716C378F5659B9E555EF833E1
                                                                                                                                                                                                                                                                                        SHA-512:389080B6132D3EAAE780648D6998390D8CC71908561BCE09578E27C542AA1A9F3122E01F640C5B01BEE73004C23AA4E9F2066FE5EE0CA2072C2420578B28D71F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview: Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial owne
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):371
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.008050973507508
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:HWaH6KFP2YQwRWVPcMxQgPq7bfCcYNGbQPpwtrOGG8eX71z9c7hCvG+MsgHU7h:HSyzR/WcYIbQP+SR8Up9cOpMsgwh
                                                                                                                                                                                                                                                                                        MD5:ED91C87113AE1CC70C196295E8CE8A05
                                                                                                                                                                                                                                                                                        SHA1:6DC7E6EEB69A6E4DBD886675878538B4DE21314D
                                                                                                                                                                                                                                                                                        SHA-256:99A4F0B6EBE4B213E904A3563973DA0B98CABA8B7F2877FBBE5084AEADEEB307
                                                                                                                                                                                                                                                                                        SHA-512:FCEB0747A61C7955640A25F87067E67EF89B5224AE05BBBE56F1D90D09D2D563A7C1C6F06BCF417EBFE80103D7BCAB6B2D55195D0A142CFB4E4CAEA4AAD10D89
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#!/usr/bin/env node..'use strict';..var spawnSync = require('child_process').spawnSync;.var libc = require('../');..var spawnOptions = {. env: process.env,. shell: true,. stdio: 'inherit'.};..if (libc.isNonGlibcLinux) {. spawnOptions.env.LIBC = process.env.LIBC || libc.family;.}..process.exit(spawnSync(process.argv[2], process.argv.slice(3), spawnOptions).status);.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2182
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.916953387017982
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:QwWzbxTBDdPZrOsbdTzq1rKEvgmi2zWpha/ReEMYRmyg5RDRT:QDtTjPL5Tzq1rK8iQ+a/ReEXRmymRDRT
                                                                                                                                                                                                                                                                                        MD5:E1DB4F7BFD72A6E075319DFD0D893092
                                                                                                                                                                                                                                                                                        SHA1:4341118000599A96669629929534A91D0A0B8F02
                                                                                                                                                                                                                                                                                        SHA-256:F3D658268111D4DDBC38B1C4CC67BD49FF0418CD7B0110E0BA42B530CDF80DD6
                                                                                                                                                                                                                                                                                        SHA-512:CC8DB31377F12C67C2C8246CCA9BC62FE9BF387D41EF5EB783148195419B0E80F3D0F0323F444B1A364DEFC1CE85785BBB9C10120406BA553B34E2C6409F0E6A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict';..var platform = require('os').platform();.var spawnSync = require('child_process').spawnSync;.var readdirSync = require('fs').readdirSync;..var GLIBC = 'glibc';.var MUSL = 'musl';..var spawnOptions = {. encoding: 'utf8',. env: process.env.};..if (!spawnSync) {. spawnSync = function () {. return { status: 126, stdout: '', stderr: '' };. };.}..function contains (needle) {. return function (haystack) {. return haystack.indexOf(needle) !== -1;. };.}..function versionFromMuslLdd (out) {. return out.split(/[\r\n]+/)[1].trim().split(/\s/)[1];.}..function safeReaddirSync (path) {. try {. return readdirSync(path);. } catch (e) {}. return [];.}..var family = '';.var version = '';.var method = '';..if (platform === 'linux') {. // Try getconf. var glibc = spawnSync('getconf', ['GNU_LIBC_VERSION'], spawnOptions);. if (glibc.status === 0) {. family = GLIBC;. version = glibc.stdout.trim().split(' ')[1];. method = 'getconf';. } else {. // Try ldd. va
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):584
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.716016510648684
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:NH18o6vbExhu4ruo/QL+nruAObmF2SDnEnqkjqCecIYpuBVRguPZY:NH136vIxhu4yo/QDCNrWcYsrm
                                                                                                                                                                                                                                                                                        MD5:BA9D574B3433EDDE99EC7D51F57D31FD
                                                                                                                                                                                                                                                                                        SHA1:AD91BFD6FC61C4D50C312D8C0A5BFB4C93410D80
                                                                                                                                                                                                                                                                                        SHA-256:52D3B8B7A1D28565BF52307C861EDA7F4ACBBB8E36F1C100B73A4D4E2C94CD4E
                                                                                                                                                                                                                                                                                        SHA-512:78CCB93A38C7E7FCDCA974EB303DC75E145DB8B344157D29E2F654AB97C4E47E97772FAC5CEE3DD87666C6E2ABF043514E0C4F109FDBB9A3C1D082BD4C718B18
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "detect-libc",. "version": "1.0.3",. "description": "Node.js module to detect the C standard library (libc) implementation family and version",. "main": "lib/detect-libc.js",. "bin": {. "detect-libc": "./bin/detect-libc.js". },. "repository": {. "type": "git",. "url": "git://github.com/lovell/detect-libc". },. "author": "Lovell Fuller <npm@lovell.info>",. "license": "Apache-2.0",. "devDependencies": {. "ava": "^0.23.0",. "nyc": "^11.3.0",. "proxyquire": "^1.8.0",. "semistandard": "^11.0.0". },. "engines": {. "node": ">=0.10". }.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):751
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.053913342996983
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:yqLS4dCPXeTbbtLgmq6KX9KsA8dXsrUXA3+PPRz2AvzT3kEmy2C5ErK2PF3ew:yq+ICCtEmq6s9iOnc4PRnA+qpF3ew
                                                                                                                                                                                                                                                                                        MD5:43ABBC6F9093AEA69560715033788727
                                                                                                                                                                                                                                                                                        SHA1:CE0C4782BDBD720BAF4D2484E5B71728D3A943AF
                                                                                                                                                                                                                                                                                        SHA-256:AF83B3CE4E592E87B4ECFA8C8CB45BC4EC26D0B3FB8F34F3687088F6928F705F
                                                                                                                                                                                                                                                                                        SHA-512:467863BDEEEA29FF067FABA6A6A6E70241BEB1ABECF7DE264EBFF36B3A497E4F3E124B180560F7812FE4180447E8045827532332BAE008603B06954CC7681605
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:Copyright (c) 2014, Rebecca Turner <me@re-becca.org>..Permission to use, copy, modify, and/or distribute this software for any.purpose with or without fee is hereby granted, provided that the above.copyright notice and this permission notice appear in all copies...THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES.WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF.MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR.ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES.WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN.ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF.OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE..
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):395
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.65064524812252
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var spin = require('./spin.js').var progressBar = require('./progress-bar.js')..module.exports = {. activityIndicator: function (values, theme, width) {. if (values.spun == null) return. return spin(theme, values.spun). },. progressbar: function (values, theme, width) {. if (values.completed == null) return. return progressBar(theme, width, values.completed). }.}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):616
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.664170599632696
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var util = require('util')..var User = exports.User = function User (msg) {. var err = new Error(msg). Error.captureStackTrace(err, User). err.code = 'EGAUGE'. return err.}..exports.MissingTemplateValue = function MissingTemplateValue (item, values) {. var err = new User(util.format('Missing template value "%s"', item.type)). Error.captureStackTrace(err, MissingTemplateValue). err.template = item. err.values = values. return err.}..exports.Internal = function Internal (msg) {. var err = new Error(msg). Error.captureStackTrace(err, Internal). err.code = 'EGAUGEINTERNAL'. return err.}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):292
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.961694585234008
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'..module.exports = isWin32() || isColorTerm()..function isWin32 () {. return process.platform === 'win32'.}..function isColorTerm () {. var termHasColor = /^screen|^xterm|^vt100|color|ansi|cygwin|linux/i. return !!process.env.COLORTERM || termHasColor.test(process.env.TERM).}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):6999
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.879143723755625
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var Plumbing = require('./plumbing.js').var hasUnicode = require('has-unicode').var hasColor = require('./has-color.js').var onExit = require('signal-exit').var defaultThemes = require('./themes').var setInterval = require('./set-interval.js').var process = require('./process.js').var setImmediate = require('./set-immediate')..module.exports = Gauge..function callWith (obj, method) {. return function () {. return method.call(obj). }.}..function Gauge (arg1, arg2) {. var options, writeTo. if (arg1 && arg1.write) {. writeTo = arg1. options = arg2 || {}. } else if (arg2 && arg2.write) {. writeTo = arg2. options = arg1 || {}. } else {. writeTo = process.stderr. options = arg1 || arg2 || {}. }.. this._status = {. spun: 0,. section: '',. subsection: ''. }. this._paused = false // are we paused for back pressure?. this._disabled = true // are all progress bar updates disabled?. this._showing = false // do we WANT the progress bar on scree
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1145
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.713703274968255
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "gauge",. "version": "2.7.4",. "description": "A terminal based horizontal guage",. "main": "index.js",. "repository": {. "type": "git",. "url": "https://github.com/iarna/gauge". },. "author": "Rebecca Turner <me@re-becca.org>",. "license": "ISC",. "homepage": "https://github.com/iarna/gauge",. "dependencies": {. "aproba": "^1.0.3",. "console-control-strings": "^1.0.0",. "has-unicode": "^2.0.0",. "object-assign": "^4.1.0",. "signal-exit": "^3.0.0",. "string-width": "^1.0.1",. "strip-ansi": "^3.0.1",. "wide-align": "^1.1.0". },. "devDependencies": {. "readable-stream": "^2.0.6",. "require-inject": "^1.4.0",. "standard": "^7.1.2",. "tap": "^5.7.2",. "through2": "^2.0.0". },. "files": [. "base-theme.js",. "CHANGELOG.md",. "error.js",. "has-color.js",. "index.js",. "LICENSE",. "package.json",. "plumbing.js",. "process.js",. "progress-bar.js",. "README.md",. "render-template.js",. "s
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1269
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.812631067521913
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var consoleControl = require('console-control-strings').var renderTemplate = require('./render-template.js').var validate = require('aproba')..var Plumbing = module.exports = function (theme, template, width) {. if (!width) width = 80. validate('OAN', [theme, template, width]). this.showing = false. this.theme = theme. this.width = width. this.template = template.}.Plumbing.prototype = {}..Plumbing.prototype.setTheme = function (theme) {. validate('O', [theme]). this.theme = theme.}..Plumbing.prototype.setTemplate = function (template) {. validate('A', [template]). this.template = template.}..Plumbing.prototype.setWidth = function (width) {. validate('N', [width]). this.width = width.}..Plumbing.prototype.hide = function () {. return consoleControl.gotoSOL() + consoleControl.eraseLine().}..Plumbing.prototype.hideCursor = consoleControl.hideCursor..Plumbing.prototype.showCursor = consoleControl.showCursor..Plumbing.prototype.show = function (status) {. var val
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):89
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.173406223573972
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.// this exists so we can replace it during testing.module.exports = process.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):998
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.716891710573431
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var validate = require('aproba').var renderTemplate = require('./render-template.js').var wideTruncate = require('./wide-truncate').var stringWidth = require('string-width')..module.exports = function (theme, width, completed) {. validate('ONN', [theme, width, completed]). if (completed < 0) completed = 0. if (completed > 1) completed = 1. if (width <= 0) return ''. var sofar = Math.round(width * completed). var rest = width - sofar. var template = [. {type: 'complete', value: repeat(theme.complete, sofar), length: sofar},. {type: 'remaining', value: repeat(theme.remaining, rest), length: rest}. ]. return renderTemplate(width, template, theme).}..// lodash's way of repeating.function repeat (string, width) {. var result = ''. var n = width. do {. if (n % 2) {. result += string. }. n = Math.floor(n / 2). /*eslint no-self-assign: 0*/. string += string. } while (n && stringWidth(result) < width).. return wideTruncate(result, width).}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5739
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.736972297430681
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var align = require('wide-align').var validate = require('aproba').var objectAssign = require('object-assign').var wideTruncate = require('./wide-truncate').var error = require('./error').var TemplateItem = require('./template-item')..function renderValueWithValues (values) {. return function (item) {. return renderValue(item, values). }.}..var renderTemplate = module.exports = function (width, template, values) {. var items = prepareItems(width, template, values). var rendered = items.map(renderValueWithValues(values)).join(''). return align.left(wideTruncate(rendered, width), width).}..function preType (item) {. var cappedTypeName = item.type[0].toUpperCase() + item.type.slice(1). return 'pre' + cappedTypeName.}..function postType (item) {. var cappedTypeName = item.type[0].toUpperCase() + item.type.slice(1). return 'post' + cappedTypeName.}..function hasPreOrPost (item, values) {. if (!item.type) return. return values[preType(item)] || values[postType(item
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):139
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4913549644851685
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var process = require('./process').try {. module.exports = setImmediate.} catch (ex) {. module.exports = process.nextTick.}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):93
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.241995613138929
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.// this exists so we can replace it during testing.module.exports = setInterval.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):105
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.294394152450316
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'..module.exports = function spin (spinstr, spun) {. return spinstr[spun % spinstr.length].}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1904
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.670466876400621
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var stringWidth = require('string-width')..module.exports = TemplateItem..function isPercent (num) {. if (typeof num !== 'string') return false. return num.slice(-1) === '%'.}..function percent (num) {. return Number(num.slice(0, -1)) / 100.}..function TemplateItem (values, outputLength) {. this.overallOutputLength = outputLength. this.finished = false. this.type = null. this.value = null. this.length = null. this.maxLength = null. this.minLength = null. this.kerning = null. this.align = 'left'. this.padLeft = 0. this.padRight = 0. this.index = null. this.first = null. this.last = null. if (typeof values === 'string') {. this.value = values. } else {. for (var prop in values) this[prop] = values[prop]. }. // Realize percents. if (isPercent(this.length)) {. this.length = Math.round(this.overallOutputLength * percent(this.length)). }. if (isPercent(this.minLength)) {. this.minLength = Math.round(this.overallOutputLength * percent(this.minL
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3693
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.864055911292372
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var objectAssign = require('object-assign')..module.exports = function () {. return ThemeSetProto.newThemeSet().}..var ThemeSetProto = {}..ThemeSetProto.baseTheme = require('./base-theme.js')..ThemeSetProto.newTheme = function (parent, theme) {. if (!theme) {. theme = parent. parent = this.baseTheme. }. return objectAssign({}, parent, theme).}..ThemeSetProto.getThemeNames = function () {. return Object.keys(this.themes).}..ThemeSetProto.addTheme = function (name, parent, theme) {. this.themes[name] = this.newTheme(parent, theme).}..ThemeSetProto.addToAllThemes = function (theme) {. var themes = this.themes. Object.keys(themes).forEach(function (name) {. objectAssign(themes[name], theme). }). objectAssign(this.baseTheme, theme).}..ThemeSetProto.getTheme = function (name) {. if (!this.themes[name]) throw this.newMissingThemeError(name). return this.themes[name].}..ThemeSetProto.setDefault = function (opts, name) {. if (name == null) {. name = opts.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1543
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.935026427619443
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var consoleControl = require('console-control-strings').var ThemeSet = require('./theme-set.js')..var themes = module.exports = new ThemeSet()..themes.addTheme('ASCII', {. preProgressbar: '[',. postProgressbar: ']',. progressbarTheme: {. complete: '#',. remaining: '.'. },. activityIndicatorTheme: '-\\|/',. preSubsection: '>'.})..themes.addTheme('colorASCII', themes.getTheme('ASCII'), {. progressbarTheme: {. preComplete: consoleControl.color('inverse'),. complete: ' ',. postComplete: consoleControl.color('stopInverse'),. preRemaining: consoleControl.color('brightBlack'),. remaining: '.',. postRemaining: consoleControl.color('reset'). }.})..themes.addTheme('brailleSpinner', {. preProgressbar: '.',. postProgressbar: '.',. progressbarTheme: {. complete: '.',. remaining: '.'. },. activityIndicatorTheme: '..........',. preSubsection: '>'.})..themes.addTheme('colorBrailleSpinner', themes.getTheme('brailleSpin
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):828
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.506998856918432
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var stringWidth = require('string-width').var stripAnsi = require('strip-ansi')..module.exports = wideTruncate..function wideTruncate (str, target) {. if (stringWidth(str) === 0) return str. if (target <= 0) return ''. if (stringWidth(str) <= target) return str.. // We compute the number of bytes of ansi sequences here and add. // that to our initial truncation to ensure that we don't slice one. // that we want to keep in half.. var noAnsi = stripAnsi(str). var ansiSize = str.length + noAnsi.length. var truncated = str.slice(0, target + ansiSize).. // we have to shrink the result to account for our ansi sequence buffer. // (if an ansi sequence was truncated) and double width characters.. while (stringWidth(truncated) > target) {. truncated = truncated.slice(0, -1). }. return truncated.}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1463
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.341537919917637
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict';.var numberIsNan = require('number-is-nan');..module.exports = function (x) {..if (numberIsNan(x)) {...return false;..}...// https://github.com/nodejs/io.js/blob/cff7300a578be1b10001f2d967aaedc88aee6402/lib/readline.js#L1369...// code points are derived from:..// http://www.unix.org/Public/UNIDATA/EastAsianWidth.txt..if (x >= 0x1100 && (...x <= 0x115f || // Hangul Jamo...0x2329 === x || // LEFT-POINTING ANGLE BRACKET...0x232a === x || // RIGHT-POINTING ANGLE BRACKET...// CJK Radicals Supplement .. Enclosed CJK Letters and Months...(0x2e80 <= x && x <= 0x3247 && x !== 0x303f) ||...// Enclosed CJK Letters and Months .. CJK Unified Ideographs Extension A...0x3250 <= x && x <= 0x4dbf ||...// CJK Unified Ideographs .. Yi Radicals...0x4e00 <= x && x <= 0xa4c6 ||...// Hangul Jamo Extended-A...0xa960 <= x && x <= 0xa97c ||...// Hangul Syllables...0xac00 <= x && x <= 0xd7a3 ||...// CJK Compatibility Ideographs...0xf900 <= x && x <= 0xfaff ||...// Vertical Forms...0xfe10 <= x && x
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1119
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.1078795238525405
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:The MIT License (MIT)..Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TO
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):561
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.622284903279248
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "is-fullwidth-code-point",. "version": "1.0.0",. "description": "Check if the character represented by a given Unicode code point is fullwidth",. "license": "MIT",. "repository": "sindresorhus/is-fullwidth-code-point",. "author": {. "name": "Sindre Sorhus",. "email": "sindresorhus@gmail.com",. "url": "sindresorhus.com". },. "engines": {. "node": ">=0.10.0". },. "files": [. "index.js". ],. "dependencies": {. "number-is-nan": "^1.0.0". },. "devDependencies": {. "ava": "0.0.4",. "code-point-at": "^1.0.0". }.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):866
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.874330655934767
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:m9sPhShN1S0L0W0UVBsAhuSK8AhSnQW9GFp+VIAhg2AhKamAhHAh2LB:PsQ0L0W0UVmhSK8/nQaK52zDEL
                                                                                                                                                                                                                                                                                        MD5:62DE4DC4D0C0C096BC7F52EDB749B622
                                                                                                                                                                                                                                                                                        SHA1:230D9C7141C2886140B3E2B6CBE3E2C980C2555D
                                                                                                                                                                                                                                                                                        SHA-256:954E75EB633F92DF1143EF3A9F199DF54C8F42CECD65C00A397AA890099DF60B
                                                                                                                                                                                                                                                                                        SHA-512:6838F7CBD29AABE5DC81C984303338B407C146FE89CFCB0A83FFC39D3A4CA0E0EEA67A0088309B8DCCA3990D3E71DAC5DCCBEF74EA34749D241889C3E20FDA6A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict';..// We define these manually to ensure they're always copied.// even if they would move up the prototype chain.// https://nodejs.org/api/http.html#http_class_http_incomingmessage.const knownProperties = [..'aborted',..'complete',..'destroy',..'headers',..'httpVersion',..'httpVersionMinor',..'httpVersionMajor',..'method',..'rawHeaders',..'rawTrailers',..'setTimeout',..'socket',..'statusCode',..'statusMessage',..'trailers',..'url'.];..module.exports = (fromStream, toStream) => {..const fromProperties = new Set(Object.keys(fromStream).concat(knownProperties));...for (const property of fromProperties) {...// Don't overwrite existing properties....if (property in toStream) {....continue;...}....toStream[property] = typeof fromStream[property] === 'function' ? fromStream[property].bind(fromStream) : fromStream[property];..}...return toStream;.};.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (460)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1117
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.079903213409815
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:FHr4JHBH0yPP3gtAHw1hl9QHcsUv48Ok4/+dbo3oqxFD:FH8JplPvEDvQHcs5ITc3omFD
                                                                                                                                                                                                                                                                                        MD5:D5F2A6DD0192DCC7C833E50BB9017337
                                                                                                                                                                                                                                                                                        SHA1:80674912E3033BE358331910BA27D5812369C2FC
                                                                                                                                                                                                                                                                                        SHA-256:5C932D88256B4AB958F64A856FA48E8BD1F55BC1D96B8149C65689E0C61789D3
                                                                                                                                                                                                                                                                                        SHA-512:D1F336FF272BC6B96DC9A04A7D0EF8F02936DD594F514060340478EE575FE01D55FC7A174DF5814A4FAF72C8462B012998ECA7BB898E3F9A3E87205FB9135AF2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MIT License..Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)..Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):665
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.657947517329449
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:w1UEYbkvwUj+T4SHtGwwnuPAk/G1G6GC70qkM2FHHlIIaoI2121+RwY:w1UEYlUrS0Jexi0NM2FnlT1n
                                                                                                                                                                                                                                                                                        MD5:D531D31E860862BEB8C10E78AE8C6A93
                                                                                                                                                                                                                                                                                        SHA1:DE74A0B464DCA5C041F9250AF72CD099D3F8F85D
                                                                                                                                                                                                                                                                                        SHA-256:02BE0F57FAA3DC5DE99F441DE093BF9C10294ED0A8888C73D55B326F82460B85
                                                                                                                                                                                                                                                                                        SHA-512:AD86A8D8AF15EB5BDB05F77A942B515CC14A04871950D7F4837BDE8EC9176C2532588D3E41A91B3DA7D8F2835AA9444E81A81858462A504B3D3402F2238FAF3B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "mimic-response",. "version": "2.1.0",. "description": "Mimic a Node.js HTTP response stream",. "license": "MIT",. "repository": "sindresorhus/mimic-response",. "funding": "https://github.com/sponsors/sindresorhus",. "author": {. "name": "Sindre Sorhus",. "email": "sindresorhus@gmail.com",. "url": "https://sindresorhus.com". },. "engines": {. "node": ">=8". },. "files": [. "index.d.ts",. "index.js". ],. "devDependencies": {. "@sindresorhus/tsconfig": "^0.3.0",. "@types/node": "^12.0.0",. "ava": "^1.1.0",. "create-test-server": "^2.4.0",. "pify": "^4.0.1",. "tsd": "^0.7.3",. "xo": "^0.24.0". }.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3194
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.501539803861547
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:M1317qsii/PEFCH3Ybr3dfUmZ1f9k/W0pYGsT4RdEb5zc:6ZqsJEcH3EddlROXc4R/
                                                                                                                                                                                                                                                                                        MD5:EAB4AF3D288D00677E2780040D15A172
                                                                                                                                                                                                                                                                                        SHA1:3BC92457B1A6F9D42E979C75A359894B168D117B
                                                                                                                                                                                                                                                                                        SHA-256:E9603DC16CE6B339120BF32D50D7B0D1776527DEDBCD90D7F400B336530BABE3
                                                                                                                                                                                                                                                                                        SHA-512:E36CB0ED1E9AA5FCC4E681A30F413702E8F28CEBAF7AB52BDA5D0DB2EB3B08D139469914D2236DA3F6146DF452F09FF571EC3CBEF67C61BD063F79CBDBBCB557
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:# Contributor Covenant Code of Conduct..## Our Pledge..In the interest of fostering an open and welcoming environment, we as.contributors and maintainers pledge to making participation in our project and.our community a harassment-free experience for everyone, regardless of age, body.size, disability, ethnicity, gender identity and expression, level of experience,.nationality, personal appearance, race, religion, or sexual identity and.orientation...## Our Standards..Examples of behavior that contributes to creating a positive environment.include:..* Using welcoming and inclusive language.* Being respectful of differing viewpoints and experiences.* Gracefully accepting constructive criticism.* Focusing on what is best for the community.* Showing empathy towards other community members..Examples of unacceptable behavior by participants include:..* The use of sexualized language or imagery and unwelcome sexual attention or. advances.* Trolling, insulting/derogatory comments, and persona
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1646
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.928630940879876
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:9YGuXkSZx7nd365KmduYvyTitLLbQC7RY8SKtddUb31W:budxJQrgWyTiRbQYddUj1W
                                                                                                                                                                                                                                                                                        MD5:DFAC083BF61441BF9C6BE6AF674C7B63
                                                                                                                                                                                                                                                                                        SHA1:344B1134ACEC1139183FB6F08841F839A4C393EE
                                                                                                                                                                                                                                                                                        SHA-256:A6B7B86697CA5F10BD5854C0150570199EE222EEF3E75427207828B398B4E1E3
                                                                                                                                                                                                                                                                                        SHA-512:809F4F3DAF8B25D100ABBF26D625372F3D3274A3440D804F47B1D4B5E9F96F8F4C3716D9904B6EC105F29CF3A72B96763CE6FB9849763298B844D69B5A66BBE7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:# Contributing to `node-abi`..:+1::tada: First off, thanks for taking the time to contribute to `node-abi`! :tada::+1:..## Commit Message Guidelines..This module uses [`semantic-release`](https://github.com/semantic-release/semantic-release) to automatically release new versions via Travis..Therefor we have very precise rules over how our git commit messages can be formatted...Each commit message consists of a **header**, a **body** and a **footer**. The header has a special.format that includes a **type**, a **scope** and a **subject** ([full explanation](https://github.com/stevemao/conventional-changelog-angular/blob/master/convention.md)):..```.<type>(<scope>): <subject>.<BLANK LINE>.<body>.<BLANK LINE>.<footer>.```..### Type..Must be one of the following:..- **feat**: A new feature. **Will trigger a new release**.- **fix**: A bug fix or a addition to one of the target arrays. **Will trigger a new release**.- **docs**: Documentation only changes.- **style**: Changes that do not aff
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1069
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.103348028012637
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:pxyDrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:2DaJHlxE3dQHOs5exm3ogFh
                                                                                                                                                                                                                                                                                        MD5:950DED031080D1CC5EFFFEC127B7A852
                                                                                                                                                                                                                                                                                        SHA1:66E84AB41910FD7096BFAA03A7ACC09954E8D842
                                                                                                                                                                                                                                                                                        SHA-256:9A508CD4122F2DC1CC39F8AB0B6950EFBC49FB087A581C7177A4B8C9D5D0D6A1
                                                                                                                                                                                                                                                                                        SHA-512:0AD3F1899DD286EF4D58B11CC8A6B10FC0D8077BDBB759883E919F4D3CA5FA720FB8C1AB42184F4ADBE9B9481B80D6AF5C80D7DFD2CE32BE3845DE6E7B24F433
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MIT License..Copyright (c) 2016 Lukas Geiger..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNEC
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2372
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.12231311668483
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:F0Fi0EaX03t0euQ0Jh0hfi0CF0hP0sQ0jQ0W30Px0ax0nK0eU0cG0ejG0Ufh0D:6jyyeAIPf+83FOj1+aetnD
                                                                                                                                                                                                                                                                                        MD5:03665FDFB9273A257773C431321A644B
                                                                                                                                                                                                                                                                                        SHA1:0B3E1371171DC8F3625AD9F83B5992C682913DBA
                                                                                                                                                                                                                                                                                        SHA-256:D06CE08742067D1CC6D344E65789ADEF5FF535C72A2A171D7835F193839FF2D3
                                                                                                                                                                                                                                                                                        SHA-512:9AF62003A3585A633C5396B4445E25C69E96C6C381A400A3E806C5E5B57AEB72777172CFADBE5BCB6457D039CE7D88807EA66ABA4B280074429FB0267F254B9D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:[. {. "runtime": "node",. "target": "11.0.0",. "lts": false,. "future": false,. "abi": "67". },. {. "runtime": "node",. "target": "12.0.0",. "lts": [. "2019-10-21",. "2020-11-30". ],. "future": false,. "abi": "72". },. {. "runtime": "node",. "target": "13.0.0",. "lts": false,. "future": false,. "abi": "79". },. {. "runtime": "node",. "target": "14.0.0",. "lts": [. "2020-10-27",. "2021-10-19". ],. "future": false,. "abi": "83". },. {. "runtime": "node",. "target": "15.0.0",. "lts": false,. "future": false,. "abi": "88". },. {. "runtime": "node",. "target": "16.0.0",. "lts": [. "2021-10-26",. "2022-10-18". ],. "future": false,. "abi": "93". },. {. "abi": "70",. "future": false,. "lts": false,. "runtime": "electron",. "target": "5.0.0-beta.9". },. {. "abi": "73",. "future": false,. "lts": false,. "runtime": "electron",.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):6391
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.801370315505753
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:BtVY6A5se3a5j0TsnhUchbwdhFdSn0rLm6mnUMXqa0yp2w5I0ZbL5zj7W:a6A51a5osqchbAhn2MLmvnUMXqarp2s8
                                                                                                                                                                                                                                                                                        MD5:E93E5ADCD01557965DC78FAAA30507BE
                                                                                                                                                                                                                                                                                        SHA1:70F50B155A2A3343E4686857C13E6A9399F61DBB
                                                                                                                                                                                                                                                                                        SHA-256:415B4A0BF6AB54EAE4DD4B8A2D907704C44A62BA9528B81FACD6C1397D10C27B
                                                                                                                                                                                                                                                                                        SHA-512:E43DCC4D0733128C64443BE9E3E7104AF9469DC2983BB81BCBC1CE7BDA4D83B59077827B3A149D9943DCC4A048C7294AEFD6652D6435004B78018A754D161944
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:var semver = require('semver')..function getNextTarget (runtime, targets) {. if (targets == null) targets = allTargets. var latest = targets.filter(function (t) { return t.runtime === runtime }).slice(-1)[0]. var increment = runtime === 'electron' ? 'minor' : 'major'. var next = semver.inc(latest.target, increment). // Electron releases appear in the registry in their beta form, sometimes there is. // no active beta line. During this time we need to double bump. if (runtime === 'electron' && semver.parse(latest.target).prerelease.length) {. next = semver.inc(next, 'major'). }. return next.}..function getAbi (target, runtime) {. if (target === String(Number(target))) return target. if (target) target = target.replace(/^v/, ''). if (!runtime) runtime = 'node'.. if (runtime === 'node') {. if (!target) return process.versions.modules. if (target === process.versions.node) return process.versions.modules. }.. var abi.. for (var i = 0; i < allTargets.length; i++) {.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):547
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.714182855359528
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:o1Fh+fp6a2bmPapDCFXQapDhVcCNHczdknVF:o1Fh+PiKJrBTn
                                                                                                                                                                                                                                                                                        MD5:24E7D6C909377B04EA0A20539BA9A8FE
                                                                                                                                                                                                                                                                                        SHA1:0F058704F7E1FD55033E2A72A298D2CE27D70E91
                                                                                                                                                                                                                                                                                        SHA-256:841DEC4957A889146D1497C56DEAFA6D45C2AEB810437569204F6913388591E7
                                                                                                                                                                                                                                                                                        SHA-512:4C35B62028CB56B09B7C575ABE6A285D6A4EC30637FAFAA467D4B4E35D0C6D332DA2AA430EE25454C8E783C464026A5FDA3AF0D39C713BCA65769F3FB018351D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "node-abi",. "version": "2.30.1",. "description": "Get the Node ABI for a given target and runtime, and vice versa.",. "main": "index.js",. "repository": {. "type": "git",. "url": "https://github.com/lgeiger/node-abi.git". },. "author": "Lukas Geiger",. "license": "MIT",. "homepage": "https://github.com/lgeiger/node-abi#readme",. "devDependencies": {. "got": "^10.6.0",. "semantic-release": "^15.8.0",. "tape": "^4.6.3",. "travis-deploy-once": "^5.0.1". },. "dependencies": {. "semver": "^5.4.1". }.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3318
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.64376573594981
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:RKQtZtTSvZr86BGUeO///dNBjIPYWTBKC0Li1ht1zXZFFMgu:HP8A5O//YHTZ0Li1ht1LZXI
                                                                                                                                                                                                                                                                                        MD5:D1CE925631846EB36D2C11E28C88697D
                                                                                                                                                                                                                                                                                        SHA1:F121A7A94ABB384689BE6ACFAF54CF63952BD03A
                                                                                                                                                                                                                                                                                        SHA-256:123632D6E5A78C7817B8E99448BB493A0C613EA31FB20DB8DD5A1963AD80C651
                                                                                                                                                                                                                                                                                        SHA-512:7C51B2930E48911B1F23E2A7EBAF096B6AB05E90F30CED80B2FF7D06F5431DE6844A15A8D7FCA3FA5D631E68A6327E0E0AAC307BDDC1313639A90EBD2ED2498D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:const got = require('got').const path = require('path').const semver = require('semver').const { writeFile } = require('fs').promises..async function getJSONFromCDN (urlPath) {. const response = await got(`https://cdn.jsdelivr.net/gh/${urlPath}`). return JSON.parse(response.body).}..async function fetchElectronReleases () {. const response = await got(`https://electronjs.org/headers/index.json`). return JSON.parse(response.body).}..async function fetchNodeVersions () {. const schedule = await getJSONFromCDN('nodejs/Release/schedule.json'). const versions = {}.. for (const [majorVersion, metadata] of Object.entries(schedule)) {. if (majorVersion.startsWith('v0')) {. continue. }. const version = `${majorVersion.slice(1)}.0.0`. const lts = metadata.hasOwnProperty('lts') ? [metadata.lts, metadata.maintenance] : false. versions[version] = {. runtime: 'node',. target: version,. lts: lts,. future: new Date(Date.parse(metadata.start)) > new Date()
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (460)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1245
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.198916936408371
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:x5c2DpWHr4JHBH0yPP3gtAHw1hl9QHcsUv48Ok4/+dbo3oqxFz:xvVo8JplPvEDvQHcs5ITc3omFz
                                                                                                                                                                                                                                                                                        MD5:0492EF29A9D558A3E9660E7ACCC9CA6A
                                                                                                                                                                                                                                                                                        SHA1:0AEF1FF2A58152DC83BAAA6D5E97E54525C4FF21
                                                                                                                                                                                                                                                                                        SHA-256:4FCF69BBECB999EC8FA0ECE62BC8934B7CDD45061AC1A8B1939A09BE64CD4352
                                                                                                                                                                                                                                                                                        SHA-512:2FF6743661D190A0C7DABF3508D57C0D86C7ECD7B8200577E4EBFD937D3782A15D49F327B81428AFABC706D378C45F20ECA067C084A3376D770D4DFCE0F3E29F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:The MIT License (MIT).=====================..Copyright (c) 2017 Node.js API collaborators.-----------------------------------..*Node.js API collaborators listed at <https://github.com/nodejs/node-addon-api#collaborators>*..Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT S
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):762
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.173881166313352
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:mCtwwcw9LRLCv9cxznCGyNeR0a5VCTze5hsLV2FfWN+AEuQcWnqLpA5Z3MVeZ3ZR:4lwNRWGyNeR0gYSTsLgjAEFn8A5RM2fL
                                                                                                                                                                                                                                                                                        MD5:98F8C21891914449F85FDBEBDE5EE6F2
                                                                                                                                                                                                                                                                                        SHA1:40F91D126351B0FC9FD4F03B33CCA72D952DEFC3
                                                                                                                                                                                                                                                                                        SHA-256:F15742E3019096B85EF3E8985E2FE66C4DDA722908577E113A1B0264893ECCA8
                                                                                                                                                                                                                                                                                        SHA-512:E2254B498E89D972733B3F390010843E924C68AEAB96F6C00CD6B3FB6C447E69ADF3A9B9CAF66ADC9DBC9BB57DFD92873D931A3D2E9FC37D8F934CA5B258BBE0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. 'variables': {. 'NAPI_VERSION%': "<!(node -p \"process.versions.napi\")",. 'disable_deprecated': "<!(node -p \"process.env['npm_config_disable_deprecated']\")". },. 'conditions': [. ['NAPI_VERSION!=""', { 'defines': ['NAPI_VERSION=<@(NAPI_VERSION)'] } ],. ['disable_deprecated=="true"', {. 'defines': ['NODE_ADDON_API_DISABLE_DEPRECATED']. }],. ['OS=="mac"', {. 'cflags+': ['-fvisibility=hidden'],. 'xcode_settings': {. 'OTHER_CFLAGS': ['-fvisibility=hidden']. }. }]. ],. 'include_dirs': ["<!(node -p \"require('../').include_dir\")"],. 'cflags': [ '-Werror', '-Wall', '-Wextra', '-Wpedantic', '-Wunused-parameter' ],. 'cflags_cc': [ '-Werror', '-Wall', '-Wextra', '-Wpedantic', '-Wunused-parameter' ].}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):381
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.033837554185557
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. 'defines': [ 'NAPI_CPP_EXCEPTIONS' ],. 'cflags!': [ '-fno-exceptions' ],. 'cflags_cc!': [ '-fno-exceptions' ],. 'msvs_settings': {. 'VCCLCompilerTool': {. 'ExceptionHandling': 1,. 'EnablePREfast': 'true',. },. },. 'xcode_settings': {. 'CLANG_CXX_LIBRARY': 'libc++',. 'MACOSX_DEPLOYMENT_TARGET': '10.7',. 'GCC_ENABLE_CPP_EXCEPTIONS': 'YES',. },.}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):296
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.884319320380166
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:const path = require('path');..const include_dir = path.relative('.', __dirname);..module.exports = {. include: `"${__dirname}"`, // deprecated, can be removed as part of 4.0.0. include_dir,. gyp: path.join(include_dir, 'node_api.gyp:nothing'),. isNodeApiBuiltin: true,. needsFlag: false.};.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):7251
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.9808680664415825
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#ifndef SRC_NAPI_INL_DEPRECATED_H_.#define SRC_NAPI_INL_DEPRECATED_H_..////////////////////////////////////////////////////////////////////////////////.// PropertyDescriptor class.////////////////////////////////////////////////////////////////////////////////..template <typename Getter>.inline PropertyDescriptor.PropertyDescriptor::Accessor(const char* utf8name,. Getter getter,. napi_property_attributes attributes,. void* /*data*/) {. using CbData = details::CallbackData<Getter, Napi::Value>;. // TODO: Delete when the function is destroyed. auto callbackData = new CbData({ getter, nullptr });.. return PropertyDescriptor({. utf8name,. nullptr,. nullptr,. CbData::Wrapper,. nullptr,. nullptr,. attributes,. callbackData. });.}..template <typename Getter>.inline PropertyDescriptor PropertyDescriptor::Accessor(const std::string& utf8name,.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):186981
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.897196625190984
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#ifndef SRC_NAPI_INL_H_.#define SRC_NAPI_INL_H_..////////////////////////////////////////////////////////////////////////////////.// Node-API C++ Wrapper Classes.//.// Inline header-only implementations for "Node-API" ABI-stable C APIs for.// Node.js..////////////////////////////////////////////////////////////////////////////////..// Note: Do not include this file directly! Include "napi.h" instead...#include <algorithm>.#include <cstring>.#include <mutex>.#include <type_traits>..namespace Napi {..// Helpers to handle functions exposed from C++..namespace details {..// Attach a data item to an object and delete it when the object gets.// garbage-collected..// TODO: Replace this code with `napi_add_finalizer()` whenever it becomes.// available on all supported versions of Node.js..template <typename FreeType>.static inline napi_status AttachData(napi_env env,. napi_value obj,. FreeType* data,.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):111175
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.531542944884292
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#ifndef SRC_NAPI_H_.#define SRC_NAPI_H_..#include <node_api.h>.#include <functional>.#include <initializer_list>.#include <memory>.#include <mutex>.#include <string>.#include <vector>..// VS2015 RTM has bugs with constexpr, so require min of VS2015 Update 3 (known good version).#if !defined(_MSC_VER) || _MSC_FULL_VER >= 190024210.#define NAPI_HAS_CONSTEXPR 1.#endif..// VS2013 does not support char16_t literal strings, so we'll work around it using wchar_t strings.// and casting them. This is safe as long as the character sizes are the same..#if defined(_MSC_VER) && _MSC_VER <= 1800.static_assert(sizeof(char16_t) == sizeof(wchar_t), "Size mismatch between char16_t and wchar_t");.#define NAPI_WIDE_TEXT(x) reinterpret_cast<char16_t*>(L ## x).#else.#define NAPI_WIDE_TEXT(x) u ## x.#endif..// If C++ exceptions are not explicitly enabled or disabled, enable them.// if exceptions were enabled in the compiler settings..#if !defined(NAPI_CPP_EXCEPTIONS) && !defined(NAPI_DISABLE_CPP_EXCEPTIONS).
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):132
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.010854302019321
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. 'targets': [. {. 'target_name': 'nothing',. 'type': 'static_library',. 'sources': [ 'nothing.c' ]. }. ].}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):386
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.035056853339696
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. 'defines': [ 'NAPI_DISABLE_CPP_EXCEPTIONS' ],. 'cflags': [ '-fno-exceptions' ],. 'cflags_cc': [ '-fno-exceptions' ],. 'msvs_settings': {. 'VCCLCompilerTool': {. 'ExceptionHandling': 0,. 'EnablePREfast': 'true',. },. },. 'xcode_settings': {. 'CLANG_CXX_LIBRARY': 'libc++',. 'MACOSX_DEPLOYMENT_TARGET': '10.7',. 'GCC_ENABLE_CPP_EXCEPTIONS': 'NO',. },.}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):467
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.019589958784576
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "versions": [. {. "version": "*",. "target": {. "node": "active". },. "response": {. "type": "time-permitting",. "paid": false,. "contact": {. "name": "node-addon-api team",. "url": "https://github.com/nodejs/node-addon-api/issues". }. },. "backing": [ { "project": "https://github.com/nodejs" },. { "foundation": "https://openjsf.org/" }. ]. }. ].}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):708
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.80181350537697
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "description": "Node.js API (Node-API)",. "devDependencies": {. "benchmark": "^2.1.4",. "bindings": "^1.5.0",. "clang-format": "^1.4.0",. "fs-extra": "^9.0.1",. "pre-commit": "^1.2.2",. "safe-buffer": "^5.1.1". },. "directories": {},. "gypfile": false,. "homepage": "https://github.com/nodejs/node-addon-api",. "license": "MIT",. "main": "index.js",. "name": "node-addon-api",. "optionalDependencies": {},. "readme": "README.md",. "repository": {. "type": "git",. "url": "git://github.com/nodejs/node-addon-api.git". },. "files": [. "*.{c,h,gyp,gypi}",. "package-support.json",. "tools/". ],. "pre-commit": "lint",. "version": "3.2.1",. "support": true.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (339)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3217
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.926428555338531
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:# Tools..## clang-format..The clang-format checking tools is designed to check changed lines of code compared to given git-refs...## Migration Script..The migration tool is designed to reduce repetitive work in the migration process. However, the script is not aiming to convert every thing for you. There are usually some small fixes and major reconstruction required...### How To Use..To run the conversion script, first make sure you have the latest `node-addon-api` in your `node_modules` directory..```.npm install node-addon-api.```..Then run the script passing your project directory.```.node ./node_modules/node-addon-api/tools/conversion.js ./.```..After finish, recompile and debug things that are missed by the script....### Quick Fixes.Here is the list of things that can be fixed easily.. 1. Change your methods' return value to void if it doesn't return value to JavaScript.. 2. Use `.` to access attribute or to invoke member function in Napi::Object instead of `->`.. 3. `Napi::New
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3210
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.725163839814415
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict';.// Descend into a directory structure and, for each file matching *.node, output.// based on the imports found in the file whether it's an N-API module or not...const fs = require('fs');.const path = require('path');.const child_process = require('child_process');..// Read the output of the command, break it into lines, and use the reducer to.// decide whether the file is an N-API module or not..function checkFile(file, command, argv, reducer) {. const child = child_process.spawn(command, argv, {. stdio: ['inherit', 'pipe', 'inherit']. });. let leftover = '';. let isNapi = undefined;. child.stdout.on('data', (chunk) => {. if (isNapi === undefined) {. chunk = (leftover + chunk.toString()).split(/[\r\n]+/);. leftover = chunk.pop();. isNapi = chunk.reduce(reducer, isNapi);. if (isNapi !== undefined) {. child.kill();. }. }. });. child.on('close', (code, signal) => {. if ((code === null && signal !== null) || (code !== 0)) {.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1912
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.997300011341668
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#!/usr/bin/env node..const spawn = require('child_process').spawnSync;.const path = require('path');..const filesToCheck = ['*.h', '*.cc'];.const CLANG_FORMAT_START = process.env.CLANG_FORMAT_START || 'main';..function main(args) {. let fix = false;. while (args.length > 0) {. switch (args[0]) {. case '-f':. case '--fix':. fix = true;. default:. }. args.shift();. }.. let clangFormatPath = path.dirname(require.resolve('clang-format'));. const options = ['--binary=node_modules/.bin/clang-format', '--style=file'];. if (fix) {. options.push(CLANG_FORMAT_START);. } else {. options.push('--diff', CLANG_FORMAT_START);. }.. const gitClangFormatPath = path.join(clangFormatPath,. 'bin/git-clang-format');. const result = spawn('python', [. gitClangFormatPath,. ...options,. '--',. ...filesToCheck. ], { encoding: 'utf-8' });.. if (result.stderr) {. console.error('Error running git-clang-format:', result.stderr);. return 2;. }..
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:a /usr/bin/env node script, ASCII text executable, with very long lines (454)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):15275
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.515853837423564
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#! /usr/bin/env node..'use strict'..const fs = require('fs');.const path = require('path');..const args = process.argv.slice(2);.const dir = args[0];.if (!dir) {. console.log('Usage: node ' + path.basename(__filename) + ' <target-dir>');. process.exit(1);.}..const NodeApiVersion = require('../package.json').version;..const disable = args[1];.if (disable != "--disable" && dir != "--disable") {. var ConfigFileOperations = {. 'package.json': [. [ /([ ]*)"dependencies": {/g, '$1"dependencies": {\n$1 "node-addon-api": "' + NodeApiVersion + '",'],. [ /[ ]*"nan": *"[^"]+"(,|)[\n\r]/g, '' ]. ],. 'binding.gyp': [. [ /([ ]*)'include_dirs': \[/g, '$1\'include_dirs\': [\n$1 \'<!(node -p "require(\\\'node-addon-api\\\').include_dir")\',' ],. [ /([ ]*)"include_dirs": \[/g, '$1"include_dirs": [\n$1 "<!(node -p \\"require(\'node-addon-api\').include_dir\\")",' ],. [ /[ ]*("|')<!\(node -e ("|'|\\"|\\')require\(("|'|\\"|\\')nan("|'|\\"|\\')\)("|'|\\"|\\')\)("
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):765
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.999520559493967
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:The ISC License..Copyright (c) Isaac Z. Schlueter and Contributors..Permission to use, copy, modify, and/or distribute this software for any.purpose with or without fee is hereby granted, provided that the above.copyright notice and this permission notice appear in all copies...THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES.WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF.MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR.ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES.WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN.ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR.IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE..
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8615
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.881838710896137
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'.var Progress = require('are-we-there-yet').var Gauge = require('gauge').var EE = require('events').EventEmitter.var log = exports = module.exports = new EE().var util = require('util')..var setBlocking = require('set-blocking').var consoleControl = require('console-control-strings')..setBlocking(true).var stream = process.stderr.Object.defineProperty(log, 'stream', {. set: function (newStream) {. stream = newStream. if (this.gauge) this.gauge.setWriteTo(stream, stream). },. get: function () {. return stream. }.})..// by default, decide based on tty-ness..var colorEnabled.log.useColor = function () {. return colorEnabled != null ? colorEnabled : stream.isTTY.}..log.enableColor = function () {. colorEnabled = true. this.gauge.setTheme({hasColor: colorEnabled, hasUnicode: unicodeEnabled}).}.log.disableColor = function () {. colorEnabled = false. this.gauge.setTheme({hasColor: colorEnabled, hasUnicode: unicodeEnabled}).}..// default level.log.level = 'info'..
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):532
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.724251851458114
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "author": "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)",. "name": "npmlog",. "description": "logger for npm",. "version": "4.1.2",. "repository": {. "type": "git",. "url": "https://github.com/npm/npmlog.git". },. "main": "log.js",. "files": [. "log.js". ],. "dependencies": {. "are-we-there-yet": "~1.1.2",. "console-control-strings": "~1.1.0",. "gauge": "~2.7.3",. "set-blocking": "~2.0.0". },. "devDependencies": {. "standard": "~7.1.2",. "tap": "~5.7.3". },. "license": "ISC".}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):218
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.322426370605077
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:# Contributing to prebuild..- no commits direct to master.- all commits as pull requests (one or several per PR).- each commit solves one identifiable problem.- never merge one's own PRs, another contributor does this.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1079
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.10194304910543
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:The MIT License (MIT)..Copyright (c) 2015 Mathias Buus..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1199
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.689758173954727
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:var get = require('simple-get').var util = require('./util').var proxy = require('./proxy').var noop = Object.assign({. http: function () {},. silly: function () {}.}, require('noop-logger'))..function findAssetId (opts, cb) {. var downloadUrl = util.getDownloadUrl(opts). var apiUrl = util.getApiUrl(opts). var log = opts.log || noop.. log.http('request', 'GET ' + apiUrl). var reqOpts = proxy({. url: apiUrl,. json: true,. headers: {. 'User-Agent': 'simple-get',. Authorization: 'token ' + opts.token. }. }, opts).. var req = get.concat(reqOpts, function (err, res, data) {. if (err) return cb(err). log.http(res.statusCode, apiUrl). if (res.statusCode !== 200) return cb(err).. // Find asset id in release. for (var release of data) {. if (release.tag_name === opts['tag-prefix'] + opts.pkg.version) {. for (var asset of release.assets) {. if (asset.browser_download_url === downloadUrl) {. return cb(null, asset.id).
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2572
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.94794152545113
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:lM0dKfmyoQO2RkgZKEuAg5kXB3AALcFMc3Fgxo6f1n:+WyoQ92D5kRwAGFuxf1
                                                                                                                                                                                                                                                                                        MD5:C0FB897B9772E5878494F25B166AFDEE
                                                                                                                                                                                                                                                                                        SHA1:05FFC4DC61A71C97820D5EC41FDD772FC4DC3E05
                                                                                                                                                                                                                                                                                        SHA-256:956A373D8F685EB08963A52B111523BC4E843156D14FC18EA813DC5488654648
                                                                                                                                                                                                                                                                                        SHA-512:EDCAD4AE84C599E50EF40D9173C14FF19F2FDD1ADDB95F0D30E707ED3D8A484BDD8126B772E250BC3498C9DB51E03C59207DEA799E87BB3B8194938BA158C7A2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#!/usr/bin/env node..var path = require('path').var fs = require('fs').var whichPmRuns = require('which-pm-runs').var napi = require('napi-build-utils')..var pkg = require(path.resolve('package.json')).var rc = require('./rc')(pkg).var log = require('./log')(rc, process.env).var download = require('./download').var asset = require('./asset').var util = require('./util')..var prebuildClientVersion = require('./package.json').version.if (rc.version) {. console.log(prebuildClientVersion). process.exit(0).}..if (rc.path) process.chdir(rc.path)..if (rc.runtime === 'electron' && rc.target[0] === '4' && rc.abi === '64') {. log.error(`Electron version ${rc.target} found - skipping prebuild-install work due to known ABI issue`). log.error('More information about this issue can be found at https://github.com/lgeiger/node-abi/issues/54'). process.exit(1).}..if (!fs.existsSync('package.json')) {. log.error('setup', 'No package.json found. Aborting...'). process.exit(1).}..if (rc.help) {. c
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3659
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.549912994582875
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:zkxXntAKsnrKi4SXnItnueH7npHnefaJTXrc9en8WKhv6R7MItCDG8c56xBIS/YO:zkxWKlcXIoeIfIbrovH3OgxBF/VmNI
                                                                                                                                                                                                                                                                                        MD5:F9FFB1B8146E8B9AB6E8479423C39525
                                                                                                                                                                                                                                                                                        SHA1:532CEBB5FE95F786A4C7399D43510D1B65ED41CC
                                                                                                                                                                                                                                                                                        SHA-256:821D285E38D169367C2A789C33BBB8DCA45842B485AE8CA7802221B7D177529B
                                                                                                                                                                                                                                                                                        SHA-512:BE84AE6843B0385A78D21E26AF6814EC55C890845B1AAD5248D50298B57627B1E68BDDC8FE5BF33D315483303B6C9C1F85B5572F3E975AD0D9844588051C6CEE
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:var path = require('path').var fs = require('fs').var get = require('simple-get').var pump = require('pump').var tfs = require('tar-fs').var noop = Object.assign({. http: function () {},. silly: function () {}.}, require('noop-logger')).var zlib = require('zlib').var util = require('./util').var error = require('./error').var proxy = require('./proxy').var mkdirp = require('mkdirp-classic')..function downloadPrebuild (downloadUrl, opts, cb) {. var cachedPrebuild = util.cachedPrebuild(downloadUrl). var tempFile = util.tempFile(cachedPrebuild). var log = opts.log || noop.. ensureNpmCacheDir(function (err) {. if (err) return onerror(err).. log.info('looking for cached prebuild @', cachedPrebuild). fs.access(cachedPrebuild, fs.R_OK | fs.W_OK, function (err) {. if (!(err && err.code === 'ENOENT')) {. log.info('found cached prebuild'). return unpack(). }.. log.http('request', 'GET ' + downloadUrl). var reqOpts = proxy({ url: downloadUrl }, opt
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):355
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.591313932276839
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:4ibAkYK4XjqEec46K/yEpYGk5JF4hGNJKCO694cDW7PT4z/YQoAikcW7DS7+XHT/:4ibAVK4mEJb9GkVAaJ1DujQoVFWnV/
                                                                                                                                                                                                                                                                                        MD5:4320056F238CC656471B0120A4AF3225
                                                                                                                                                                                                                                                                                        SHA1:656836BDE7DC93828D0BE4DEA45FC881E959760A
                                                                                                                                                                                                                                                                                        SHA-256:0DF3FA571A7FB2563113D8A7EA83C79E769830ABBE7B5D5D9CD430C3EA893F68
                                                                                                                                                                                                                                                                                        SHA-512:5F0342B5FE766A3CA2A676BFDFA79723E665974C62E66B29F61D12886692C019D204E5D083B32B5A7FD09AE25BA1291194C64AB36838ACA8C4CBEE1BF13D7AE1
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:exports.noPrebuilts = function (opts) {. return new Error([. 'No prebuilt binaries found',. '(target=' + opts.target,. 'runtime=' + opts.runtime,. 'arch=' + opts.arch,. 'libc=' + opts.libc,. 'platform=' + opts.platform + ')'. ].join(' ')).}..exports.invalidArchive = function () {. return new Error('Missing .node file in archive').}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):867
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.001431435023458
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:iDz6kMcTzVXtuT5DYVPmFODU2FqwxFIPmfFUHkFJmHFFfqvEdoLz6D:AgKJXiYtmFODU2fxFItKmHFFVoY
                                                                                                                                                                                                                                                                                        MD5:0574682A179DCD25900A9DF65263355A
                                                                                                                                                                                                                                                                                        SHA1:B0903E2F8021CE13F354334B535A7A45AC187430
                                                                                                                                                                                                                                                                                        SHA-256:3B5FA5A617794D21DB4189EFC8EB6A2B1C0DA006B2A3C45BBBD1C0140229152B
                                                                                                                                                                                                                                                                                        SHA-512:5D98C73B40F861F10F486CC1901E61F03EBE20F17F4969BB000108A6A5CBA64874D9CCB35CC4ABA34E123EB7DC3A47E0460715DF615E61716A6E78D5D6321ACA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:prebuild-install [options].. --download -d [url] (download prebuilds, no url means github). --target -t version (version to install for). --runtime -r runtime (Node runtime [node or electron] to build or install for, default is node). --path -p path (make a prebuild-install here). --token -T gh-token (github token for private repos). --tag-prefix <prefix> (github tag prefix, default is "v"). --force (always use prebuilt binaries when available). --build-from-source (skip prebuild download). --verbose (log verbosely). --libc (use provided libc rather than system default). --debug (set Debug or Release configuration). --version (print prebuild-install version and exit).
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.305858944160431
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:4ivS9KYoT+uMvn:4icrHDv
                                                                                                                                                                                                                                                                                        MD5:5C197F124F738945987648084DA3C34B
                                                                                                                                                                                                                                                                                        SHA1:C726419F448DD711EC6AD7E098500C9953247604
                                                                                                                                                                                                                                                                                        SHA-256:51C1DAE166A7DA3717CC50BA36118C12F5351FF07A7D23D6DD53828BD857F5B6
                                                                                                                                                                                                                                                                                        SHA-512:CABD71AEEC190B626568271345D0900B64E2F63F2FEB32FD98234CEB281D07A6A8EC614AD025791288617DE3FF63DA0FD6EE78BF48CF667D4C9F915447E3F070
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:exports.download = require('./download').
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):232
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.471367620406736
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:qmKEqBBlNroCi5Jzy3FMMWy3nJs/yEunJso+/xf:tK3BBXra569vJyLuJ5+/xf
                                                                                                                                                                                                                                                                                        MD5:B970F7DAB67D35D1046B1584663C3EB4
                                                                                                                                                                                                                                                                                        SHA1:9E9CCEA81BB9429C9D3D56F7976CE48C2A92B678
                                                                                                                                                                                                                                                                                        SHA-256:16C9E18A9B5409BFCF499096122D950E81B65F02E6B5305E9B3F014FEDB21EFA
                                                                                                                                                                                                                                                                                        SHA-512:CB8F04920C3570C3823F4048033B452BFA8AC0BD94C3766C3233D470665C61694B69218B4CF3C798E8AD7E830637E1D2B9D4820A0A31C0B5B50B059DE7F818CB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:var log = require('npmlog')..module.exports = function (rc, env) {. log.heading = 'prebuild-install'.. if (rc.verbose) {. log.level = 'verbose'. } else {. log.level = env.npm_config_loglevel || 'notice'. }.. return log.}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1103
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.718888556408363
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "prebuild-install",. "version": "5.3.6",. "description": "A command line tool to easily install prebuilt binaries for multiple version of node/iojs on a specific platform",. "dependencies": {. "detect-libc": "^1.0.3",. "expand-template": "^2.0.3",. "github-from-package": "0.0.0",. "minimist": "^1.2.3",. "mkdirp-classic": "^0.5.3",. "napi-build-utils": "^1.0.1",. "node-abi": "^2.7.0",. "noop-logger": "^0.1.1",. "npmlog": "^4.0.1",. "pump": "^3.0.0",. "rc": "^1.2.7",. "simple-get": "^3.0.3",. "tar-fs": "^2.0.0",. "tunnel-agent": "^0.6.0",. "which-pm-runs": "^1.0.0". },. "devDependencies": {. "a-native-module": "^1.0.0",. "hallmark": "^3.0.0",. "nock": "^10.0.6",. "rimraf": "^2.5.2",. "standard": "^13.0.2",. "tape": "^4.5.1". },. "bin": "./bin.js",. "repository": {. "type": "git",. "url": "https://github.com/prebuild/prebuild-install.git". },. "author": "Mathias Buus (@mafintosh)",. "license": "MIT
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1189
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.741251824058896
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:var url = require('url').var tunnel = require('tunnel-agent').var noop = Object.assign({. http: function () {},. silly: function () {}.}, require('noop-logger'))..function applyProxy (reqOpts, opts) {. var log = opts.log || noop.. var proxy = opts['https-proxy'] || opts.proxy.. if (proxy) {. // eslint-disable-next-line node/no-deprecated-api. var parsedDownloadUrl = url.parse(reqOpts.url). // eslint-disable-next-line node/no-deprecated-api. var parsedProxy = url.parse(proxy). var uriProtocol = (parsedDownloadUrl.protocol === 'https:' ? 'https' : 'http'). var proxyProtocol = (parsedProxy.protocol === 'https:' ? 'Https' : 'Http'). var tunnelFnName = [uriProtocol, proxyProtocol].join('Over'). reqOpts.agent = tunnel[tunnelFnName]({. proxy: {. host: parsedProxy.hostname,. port: +parsedProxy.port,. proxyAuth: parsedProxy.auth. }. }). log.http('request', 'Proxy setup detected (Host: ' +. parsedProxy.hostname + ', Port: ' +.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2531
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.963173293928606
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:var minimist = require('minimist').var getAbi = require('node-abi').getAbi.var detectLibc = require('detect-libc').var napi = require('napi-build-utils')..var env = process.env..var libc = env.LIBC || (detectLibc.isNonGlibcLinux && detectLibc.family) || ''..// Get `prebuild-install` arguments that were passed to the `npm` command.if (env.npm_config_argv) {. var npmargs = ['prebuild', 'compile', 'build-from-source', 'debug', 'verbose']. try {. var npmArgv = JSON.parse(env.npm_config_argv).cooked. for (var i = 0; i < npmargs.length; ++i) {. if (npmArgv.indexOf('--' + npmargs[i]) !== -1) {. process.argv.push('--' + npmargs[i]). }. if (npmArgv.indexOf('--no-' + npmargs[i]) !== -1) {. process.argv.push('--no-' + npmargs[i]). }. }. if ((i = npmArgv.indexOf('--download')) !== -1) {. process.argv.push(npmArgv[i], npmArgv[i + 1]). }. } catch (e) { }.}..// Get the configuration.module.exports = function (pkg) {. var pkgConf = pkg.config |
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3045
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.070664908200508
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:var path = require('path').var github = require('github-from-package').var home = require('os').homedir.var crypto = require('crypto').var expandTemplate = require('expand-template')()..function getDownloadUrl (opts) {. var pkgName = opts.pkg.name.replace(/^@\w+\//, ''). return expandTemplate(urlTemplate(opts), {. name: pkgName,. package_name: pkgName,. version: opts.pkg.version,. major: opts.pkg.version.split('.')[0],. minor: opts.pkg.version.split('.')[1],. patch: opts.pkg.version.split('.')[2],. prerelease: opts.pkg.version.split('-')[1],. build: opts.pkg.version.split('+')[1],. abi: opts.abi || process.versions.modules,. node_abi: process.versions.modules,. runtime: opts.runtime || 'node',. platform: opts.platform,. arch: opts.arch,. libc: opts.libc || process.env.LIBC || '',. configuration: (opts.debug ? 'Debug' : 'Release'),. module_name: opts.pkg.binary && opts.pkg.binary.module_name,. tag_prefix: opts['tag-prefix'] || 'v'. }
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1443
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.636320036171633
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:# Developer's Certificate of Origin 1.1..By making a contribution to this project, I certify that:..* (a) The contribution was created in whole or in part by me and I. have the right to submit it under the open source license. indicated in the file; or..* (b) The contribution is based upon previous work that, to the best. of my knowledge, is covered under an appropriate open source. license and I have the right under that license to submit that. work with modifications, whether created in whole or in part. by me, under the same open source license (unless I am. permitted to submit under a different license), as indicated. in the file; or..* (c) The contribution was provided directly to me by some other. person who certified (a), (b) or (c) and I have not modified. it...* (d) I understand and agree that this project and the contribution. are public and that a record of the contribution (including all. personal information I submit with it, including my sign-off) is. maintai
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5550
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.5703149075149225
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:### Streams Working Group..The Node.js Streams is jointly governed by a Working Group.(WG).that is responsible for high-level guidance of the project...The WG has final authority over this project including:..* Technical direction.* Project governance and process (including this policy).* Contribution policy.* GitHub repository hosting.* Conduct guidelines.* Maintaining the list of additional Collaborators..For the current list of WG members, see the project.[README.md](./README.md#current-project-team-members)...### Collaborators..The readable-stream GitHub repository is.maintained by the WG and additional Collaborators who are added by the.WG on an ongoing basis...Individuals making significant and valuable contributions are made.Collaborators and given commit-access to the project. These.individuals are identified by the WG and their addition as.Collaborators is discussed during the WG meeting..._Note:_ If you make a significant contribution and are not considered.for commit-access
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2337
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.096887765301323
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:T5xxKaJ8YHvEH5QHOs5exm3oEFW9wnQiaJ8YHvEH5QHOs5exm3oEFh:TbxMssZQHTo59REssZQHToi
                                                                                                                                                                                                                                                                                        MD5:A67A7926E54316D90C14F74F71080977
                                                                                                                                                                                                                                                                                        SHA1:D3622FAC093FE1CBCB4D8E8D35801600B681FC45
                                                                                                                                                                                                                                                                                        SHA-256:EC62DC96DA0099B87F4511736C87309335527FB7031639493E06C95728DC8C54
                                                                                                                                                                                                                                                                                        SHA-512:E61DE704D5A76AFD66B5D9B1C78F0A5AFE9A846686CA2FB28C814A4A60DBE82A190ED4A6A2F31E09BF6D695B8EC178EBEA9804593029C58C1B1BEDD793324D13
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:Node.js is licensed for use as follows:..""".Copyright Node.js contributors. All rights reserved...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2280
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.975941757086827
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:25qVEvOcQiacqSO00H8Tm8T1qrYe2ojylkoLoboSPOg:25CEvONiVzO0f0rwoylRLg
                                                                                                                                                                                                                                                                                        MD5:0D737DE1FC474ED809C9FBB1D5E9934E
                                                                                                                                                                                                                                                                                        SHA1:1FAFE6E2E28A4404DB90AE6DC867199B74468CA4
                                                                                                                                                                                                                                                                                        SHA-256:39BDF2C2D8D23DF3239DDE5E66449DCFA9BFD0ACCF840C91C35BB295F2BBAE2D
                                                                                                                                                                                                                                                                                        SHA-512:F33AAD44449C6C62C3AE4E9053C1C884F6DDBCE00AEE35DE5818B82E9DD238F6B4C362E1D947DAFBB5504601AB7A475A786F8E8AB334A703F4B3541C5595E5E5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:# streams WG Meeting 2015-01-30..## Links..* **Google Hangouts Video**: http://www.youtube.com/watch?v=I9nDOSGfwZg.* **GitHub Issue**: https://github.com/iojs/readable-stream/issues/106.* **Original Minutes Google Doc**: https://docs.google.com/document/d/17aTgLnjMXIrfjgNaTUnHQO7m3xgzHR2VXBTmi03Qii4/..## Agenda..Extracted from https://github.com/iojs/readable-stream/labels/wg-agenda prior to meeting...* adopt a charter [#105](https://github.com/iojs/readable-stream/issues/105).* release and versioning strategy [#101](https://github.com/iojs/readable-stream/issues/101).* simpler stream creation [#102](https://github.com/iojs/readable-stream/issues/102).* proposal: deprecate implicit flowing of streams [#99](https://github.com/iojs/readable-stream/issues/99)..## Minutes..### adopt a charter..* group: +1's all around..### What versioning scheme should be adopted?.* group: +1.s 3.0.0.* domenic+group: pulling in patches from other sources where appropriate.* mikeal: version independently,
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):53
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.510386020356015
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:3BBBbJu9R1BA1Yn:xBBcz1i1Y
                                                                                                                                                                                                                                                                                        MD5:71BC8735EE8F568483DAA0B68865B025
                                                                                                                                                                                                                                                                                        SHA1:9FA4BC0F1F8950E8525E33C376E0722B5BE92660
                                                                                                                                                                                                                                                                                        SHA-256:B492B180E158A495AFA7B394DE1440E037C5D60524BB2FCE839AEB690E6FF968
                                                                                                                                                                                                                                                                                        SHA-512:5D8C4D5FDD2081878AB19D18C3B29EB00F4AA2F6D1B691DA90E603354762520D8F82425AE22B33897BBCD5084C63DCD769A379322909D376DC1DCA387C853564
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:module.exports = require('./lib/_stream_duplex.js');.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):46
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.307993543863672
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:3BBBbJlnM6j4vn:xBBXM6j4vn
                                                                                                                                                                                                                                                                                        MD5:D128BF2CD01BFE3A6213E548804685D6
                                                                                                                                                                                                                                                                                        SHA1:65D2569A9805988EB48FC26ED9FB7123BB062C12
                                                                                                                                                                                                                                                                                        SHA-256:16475035143997E924DC3F41AF6FD657CF55C5843F415F00B155C20891DA8A5B
                                                                                                                                                                                                                                                                                        SHA-512:F784338065ACEE2075F8755BF4591694C62EE7CA3B722CB12E85F61A9903A45C3E6A28E9031A785C94EA4D8FAAC014C681117C3416AF5D37629EAFA3111EF8DF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:module.exports = require('./readable').Duplex.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4015
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.137391447911904
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:MpPI/lDQHGgOYrLXgwJ1ddiIUKc3bC5M91VQmw1d:5QHlZLXNddzU5LCkfQZ1d
                                                                                                                                                                                                                                                                                        MD5:53328D86AD3DE15E7A1B48F4772890A6
                                                                                                                                                                                                                                                                                        SHA1:5C9979AD235F24FFEC84966CA764457A6A8FB933
                                                                                                                                                                                                                                                                                        SHA-256:FD17D6A92DD9BA004C85F8E364B2771AF10D012A83766437447DBAE63879FA6B
                                                                                                                                                                                                                                                                                        SHA-512:FB1A5F969530664257763E10CFABB30B62356D00A6AE65ED64FC85DD36EC261C9598B8EBF281C79FA0C200567F6FE1E5022AD682E1BE8A3AD1CABD2D2A497F3A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:// Copyright Joyent, Inc. and other Node contributors..//.// Permission is hereby granted, free of charge, to any person obtaining a.// copy of this software and associated documentation files (the.// "Software"), to deal in the Software without restriction, including.// without limitation the rights to use, copy, modify, merge, publish,.// distribute, sublicense, and/or sell copies of the Software, and to permit.// persons to whom the Software is furnished to do so, subject to the.// following conditions:.//.// The above copyright notice and this permission notice shall be included.// in all copies or substantial portions of the Software..//.// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS.// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN.// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,.// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONT
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1753
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.229478594965389
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:zQyQJrxPvA/lo+9QHQssoIvg3OKFjB+qkGT0x++GbTFBe:MpPI/lDQHGgOE7l3I
                                                                                                                                                                                                                                                                                        MD5:5DCADA23E7D0FED2AC8320A06F0D7057
                                                                                                                                                                                                                                                                                        SHA1:38FE3358505AE4667DFC1F7FDAF09C4A35EEF7E9
                                                                                                                                                                                                                                                                                        SHA-256:BF61450B1FF5F94FEA9D46665E931119642034C903E63CC224B4C96472EED4D4
                                                                                                                                                                                                                                                                                        SHA-512:A8B896641C5021FE0416E1BCD3189EE8061100F78957F06055F2D8B68FA8DC5A53784CD204F04561AF14DEB6349F55777D393710F8C1192C5B69A84C31584A36
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:// Copyright Joyent, Inc. and other Node contributors..//.// Permission is hereby granted, free of charge, to any person obtaining a.// copy of this software and associated documentation files (the.// "Software"), to deal in the Software without restriction, including.// without limitation the rights to use, copy, modify, merge, publish,.// distribute, sublicense, and/or sell copies of the Software, and to permit.// persons to whom the Software is furnished to do so, subject to the.// following conditions:.//.// The above copyright notice and this permission notice shall be included.// in all copies or substantial portions of the Software..//.// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS.// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN.// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,.// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONT
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):31426
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.805214781384264
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:KLEOUTw3q+hN2E9fbnzdF6cty7lkaDjpiwM:K44DZF6kEJI5
                                                                                                                                                                                                                                                                                        MD5:B143F2501705BC2A32AD7968AA377A56
                                                                                                                                                                                                                                                                                        SHA1:50077009123001E505821C5130417A1189D5BD29
                                                                                                                                                                                                                                                                                        SHA-256:216E051224EFF89A5D5EEC76BEF25ADDAC078D9EBD2E88BD0A3D73A0E605091D
                                                                                                                                                                                                                                                                                        SHA-512:BBF674884D77CC534D453841AAF4BD4562BF3A271520299C6047C41C2F775F7ECF2777C4FABFC5A28F369EB3D850AC1DCC58A5922A849A66D1A4B24C7D283FCA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):7742
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.89847949515625
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:MpPI/lDQHGgORG0hEUkcZXnrIQYSq+rz/J2uFeNBsG52lbBcOc3R+VFRLvW:5QHl90hVkusQVX12AeNyG5WcVR+VFFW
                                                                                                                                                                                                                                                                                        MD5:9CBD9508CAD163EF01DAD4CEE030897B
                                                                                                                                                                                                                                                                                        SHA1:52BBDAE8D18908D8783C49FF2DC5803E7256C541
                                                                                                                                                                                                                                                                                        SHA-256:56220D9DD58B976F1739BFC85948B267D79772BA23672FF402D13B6B3FCF4E40
                                                                                                                                                                                                                                                                                        SHA-512:910AF29C89B4114AD09E287C7D347538D494EC88095B80185A2F5BFB4FEBAB54B337C328E2A05B4BAB6BC9A3FA7447D00D07CEE54E42E34C88F0EF0138289E42
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):20335
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.878070415114619
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:5ktbO6CARFZENwKyA0jSP3HO27imMpQDGFyB5mw5vKRnsxVcd:KteARPPKyA0jSPzOmMvy75SyxVcd
                                                                                                                                                                                                                                                                                        MD5:09B0D94AF81D8A886E8BDDA4E1D72AFE
                                                                                                                                                                                                                                                                                        SHA1:A3256EA20FBD28A2529F26A0E0DEB04F265EE064
                                                                                                                                                                                                                                                                                        SHA-256:E6359AC652ED97F5F328C586C7A6B8F163782A9CA13DA476E609A981C75E0469
                                                                                                                                                                                                                                                                                        SHA-512:1E13AC8FD6FA12A64045E87FD059D67EC81706EBF57232906B7C87F9CE50011223A8803724826434DC745C89D2AE0B08E3406A264E46E983F38720B389DF0FCB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2009
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.611047568599985
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:DgWYNGbpg/Il/z688uen1U5dQyo8RV6nVKJo8QaU338:G8den1mdnxD5QaU3s
                                                                                                                                                                                                                                                                                        MD5:66ECF816F5A889AA03BF6E758EF90048
                                                                                                                                                                                                                                                                                        SHA1:8B4EB0F087C414F3572CC2371FB2ACDAE371CA92
                                                                                                                                                                                                                                                                                        SHA-256:387991BFEE34BBB7938E0C0A3F345C3E5E4C37D5B0CB600E6D432C9995321FA7
                                                                                                                                                                                                                                                                                        SHA-512:F79B8F6BA3FD82E74FBEA2E8A5DA920F0559FE89B375372E25D158C3D08E359E7EB365FC5C68954381D9DC6F08F1DFD7C7C3126882C2D0CEF2380910AE3D4424
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict';..function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } }..var Buffer = require('safe-buffer').Buffer;.var util = require('util');..function copyBuffer(src, target, offset) {. src.copy(target, offset);.}..module.exports = function () {. function BufferList() {. _classCallCheck(this, BufferList);.. this.head = null;. this.tail = null;. this.length = 0;. }.. BufferList.prototype.push = function push(v) {. var entry = { data: v, next: null };. if (this.length > 0) this.tail.next = entry;else this.head = entry;. this.tail = entry;. ++this.length;. };.. BufferList.prototype.unshift = function unshift(v) {. var entry = { data: v, next: this.head };. if (this.length === 0) this.tail = entry;. this.head = entry;. ++this.length;. };.. BufferList.prototype.shift = function shift() {. if (this.length === 0) return;. var ret = this.head.da
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2175
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.600581300685707
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:DDz+DoNs9fGRZ6Wn7kIDZHWZZnDdwbhO8FhyVuNyCW+n7TvA4t0v4IAfc2BWf:HSQwfGRj0rnBupryQNM+n/I4FbK
                                                                                                                                                                                                                                                                                        MD5:8A7FD7B60A17C29F6F3D15A9619FA928
                                                                                                                                                                                                                                                                                        SHA1:3DCCE675063FE3D84A6948004EC382340DDE4198
                                                                                                                                                                                                                                                                                        SHA-256:A59F90DAEC030125875A6028B32F93E2E2BC9FAFD703991DBC36244F5CB21176
                                                                                                                                                                                                                                                                                        SHA-512:38063C3C22994E8FEC5CD396B4D6C39FE8206B4676961F0382212BF4E61BAE67F88ABD3DE6DE00C679386A44D3204713123B9F1AC8969DEA93489DECC6DA0E34
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict';../*<replacement>*/..var pna = require('process-nextick-args');./*</replacement>*/..// undocumented cb() API, needed for core, not for public API.function destroy(err, cb) {. var _this = this;.. var readableDestroyed = this._readableState && this._readableState.destroyed;. var writableDestroyed = this._writableState && this._writableState.destroyed;.. if (readableDestroyed || writableDestroyed) {. if (cb) {. cb(err);. } else if (err) {. if (!this._writableState) {. pna.nextTick(emitErrorNT, this, err);. } else if (!this._writableState.errorEmitted) {. this._writableState.errorEmitted = true;. pna.nextTick(emitErrorNT, this, err);. }. }.. return this;. }.. // we set destroyed to true before firing error callbacks in order. // to make it re-entrance safe in case destroy() is called within callbacks.. if (this._readableState) {. this._readableState.destroyed = true;. }.. // if this is a duplex stream mark the w
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):49
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.275737589534865
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:3BBBbJoTug6IM39n:xBBYMx39
                                                                                                                                                                                                                                                                                        MD5:DF20453C19AF8406BABDF987FACD76D9
                                                                                                                                                                                                                                                                                        SHA1:0167A0DC72DAAB83989846563AAE870F37549151
                                                                                                                                                                                                                                                                                        SHA-256:72D46A15491627D8FB1489A47D03583CFE5C21902918016AB532B53E615E5A9A
                                                                                                                                                                                                                                                                                        SHA-512:8004ACA5EFC10CF89BF41ECBB6586F9ACD707EF3B789CC714043C48C0D47B6479D9D2C2FD9894AEDC683EDCB88FAD8B28517D329417D6E2D0E2B639D964956D9
Malicious:false
Reputation:unknown
Preview:module.exports = require('events').EventEmitter;.

Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:ASCII text
Category:dropped
Size (bytes):36
Entropy (8bit):4.2363238771524
Encrypted:false
Malicious:false
Reputation:unknown
Preview:module.exports = require('stream');.

Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:JSON data
Category:dropped
Size (bytes):961
Entropy (8bit):4.705482630406149
Encrypted:false
Malicious:false
Reputation:unknown
Preview:{. "name": "readable-stream",. "version": "2.3.8",. "description": "Streams3, a user-land copy of the stream library from Node.js",. "main": "readable.js",. "dependencies": {. "core-util-is": "~1.0.0",. "inherits": "~2.0.3",. "isarray": "~1.0.0",. "process-nextick-args": "~2.0.0",. "safe-buffer": "~5.1.1",. "string_decoder": "~1.1.1",. "util-deprecate": "~1.0.1". },. "devDependencies": {. "assert": "^1.4.0",. "babel-polyfill": "^6.9.1",. "buffer": "^4.9.0",. "lolex": "^2.3.2",. "nyc": "^6.4.0",. "tap": "^0.7.0",. "tape": "^4.8.0". },. "repository": {. "type": "git",. "url": "git://github.com/nodejs/readable-stream". },. "browser": {. "util": false,. "./readable.js": "./readable-browser.js",. "./writable.js": "./writable-browser.js",. "./duplex.js": "./duplex-browser.js",. "./lib/internal/streams/stream.js": "./lib/internal/streams/stream-browser.js". },. "license": "MIT".}

Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:ASCII text
Category:dropped
Size (bytes):51
Entropy (8bit):4.47842822452873
Encrypted:false
Malicious:false
Reputation:unknown
Preview:module.exports = require('./readable').PassThrough.

Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:ASCII text
Category:dropped
Size (bytes):351
Entropy (8bit):4.681447721783899
Encrypted:false
Malicious:false
Reputation:unknown
Preview:exports = module.exports = require('./lib/_stream_readable.js');.exports.Stream = exports;.exports.Readable = exports;.exports.Writable = require('./lib/_stream_writable.js');.exports.Duplex = require('./lib/_stream_duplex.js');.exports.Transform = require('./lib/_stream_transform.js');.exports.PassThrough = require('./lib/_stream_passthrough.js');.

Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:ASCII text
Category:dropped
Size (bytes):771
Entropy (8bit):4.7755606513756454
Encrypted:false
Malicious:false
Reputation:unknown
Preview:var Stream = require('stream');.if (process.env.READABLE_STREAM === 'disable' && Stream) {. module.exports = Stream;. exports = module.exports = Stream.Readable;. exports.Readable = Stream.Readable;. exports.Writable = Stream.Writable;. exports.Duplex = Stream.Duplex;. exports.Transform = Stream.Transform;. exports.PassThrough = Stream.PassThrough;. exports.Stream = Stream;.} else {. exports = module.exports = require('./lib/_stream_readable.js');. exports.Stream = Stream || exports;. exports.Readable = exports;. exports.Writable = require('./lib/_stream_writable.js');. exports.Duplex = require('./lib/_stream_duplex.js');. exports.Transform = require('./lib/_stream_transform.js');. exports.PassThrough = require('./lib/_stream_passthrough.js');.}.

Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:ASCII text
Category:dropped
Size (bytes):49
Entropy (8bit):4.404827956051038
Encrypted:false
Malicious:false
Reputation:unknown
Preview:module.exports = require('./readable').Transform.

Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:ASCII text
Category:dropped
Size (bytes):55
Entropy (8bit):4.528744204623185
Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:module.exports = require('./lib/_stream_writable.js');.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):229
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.8560619569763315
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:var Stream = require("stream").var Writable = require("./lib/_stream_writable.js")..if (process.env.READABLE_STREAM === 'disable') {. module.exports = Stream && Stream.Writable || Writable.} else {. module.exports = Writable.}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1081
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.0875408334710945
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:The MIT License (MIT)..Copyright (c) Feross Aboukhadijeh..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1529
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.76066280033095
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:/* eslint-disable node/no-deprecated-api */.var buffer = require('buffer').var Buffer = buffer.Buffer..// alternative to using Object.keys for old browsers.function copyProps (src, dst) {. for (var key in src) {. dst[key] = src[key]. }.}.if (Buffer.from && Buffer.alloc && Buffer.allocUnsafe && Buffer.allocUnsafeSlow) {. module.exports = buffer.} else {. // Copy properties from require('buffer'). copyProps(buffer, exports). exports.Buffer = SafeBuffer.}..function SafeBuffer (arg, encodingOrOffset, length) {. return Buffer(arg, encodingOrOffset, length).}..// Copy static methods from Buffer.copyProps(Buffer, SafeBuffer)..SafeBuffer.from = function (arg, encodingOrOffset, length) {. if (typeof arg === 'number') {. throw new TypeError('Argument must not be a number'). }. return Buffer(arg, encodingOrOffset, length).}..SafeBuffer.alloc = function (size, fill, encoding) {. if (typeof size !== 'number') {. throw new TypeError('Argument must be a number'). }. var buf = Bu
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):500
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.661005353217207
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "safe-buffer",. "description": "Safer Node.js Buffer API",. "version": "5.1.2",. "author": {. "name": "Feross Aboukhadijeh",. "email": "feross@feross.org",. "url": "http://feross.org". },. "devDependencies": {. "standard": "*",. "tape": "^4.0.0". },. "homepage": "https://github.com/feross/safe-buffer",. "license": "MIT",. "main": "index.js",. "types": "index.d.ts",. "repository": {. "type": "git",. "url": "git://github.com/feross/safe-buffer.git". }.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):765
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.999520559493967
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:The ISC License..Copyright (c) Isaac Z. Schlueter and Contributors..Permission to use, copy, modify, and/or distribute this software for any.purpose with or without fee is hereby granted, provided that the above.copyright notice and this permission notice appear in all copies...THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES.WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF.MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR.ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES.WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN.ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR.IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE..
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4418
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.509394298303882
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#!/usr/bin/env node.// Standalone semver comparison program..// Exits successfully and prints matching version(s) if.// any supplied version is valid and passes all tests...var argv = process.argv.slice(2)..var versions = []..var range = []..var inc = null..var version = require('../package.json').version..var loose = false..var includePrerelease = false..var coerce = false..var identifier..var semver = require('../semver')..var reverse = false..var options = {}..main()..function main () {. if (!argv.length) return help(). while (argv.length) {. var a = argv.shift(). var indexOfEqualSign = a.indexOf('='). if (indexOfEqualSign !== -1) {. a = a.slice(0, indexOfEqualSign). argv.unshift(a.slice(indexOfEqualSign + 1)). }. switch (a) {. case '-rv': case '-rev': case '--rev': case '--reverse':. reverse = true. break. case '-l': case '--loose':. loose = true. break. case '-p': case '--include-prerelease':. includePrer
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):667
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6386881705900755
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:91N7ZM6paYbB6+FMbmPydoq/yB+QJkBzdzYKA0kOUaV3X6ri8eRBTFt1riY:91BZM6lN/32r/aUyJo6uRBJt1r7
                                                                                                                                                                                                                                                                                        MD5:8E0E5B70211E4A72A8515CDBB62B0B79
                                                                                                                                                                                                                                                                                        SHA1:596CD619443D36F1FC13303C12A49FB051E87E4E
                                                                                                                                                                                                                                                                                        SHA-256:7281584DC6141795732406BBD3879ED25AACD2E402A942C71E36FA2F88686458
                                                                                                                                                                                                                                                                                        SHA-512:72D9E5098BF079F48AB1A80EBC786322D8077B90DA69693D7CB7DBC6B77FC244B54F43D3D006AE2EB423E314089E8B8C06652358D1B0CAC9DC400F8F1D9F07E8
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "semver",. "version": "5.7.2",. "description": "The semantic version parser used by npm.",. "main": "semver.js",. "devDependencies": {. "@npmcli/template-oss": "4.17.0",. "tap": "^12.7.0". },. "license": "ISC",. "repository": {. "type": "git",. "url": "https://github.com/npm/node-semver.git". },. "bin": {. "semver": "./bin/semver". },. "files": [. "bin",. "range.bnf",. "semver.js". ],. "author": "GitHub Inc.",. "templateOSS": {. "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",. "content": "./scripts/template-oss",. "version": "4.17.0". }.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):619
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.24704903804356
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:ZSKHT453/EVrNozPqxvrbyVc8F56l5cZpEQQMUSFnc/UCF:Z65vEvQq9reVc8F56yhQP2nc/UC
                                                                                                                                                                                                                                                                                        MD5:76D83B46734A4604DA9DF9998FE7D19E
                                                                                                                                                                                                                                                                                        SHA1:5C6F063E0EC60F2D04686F73A12BA5F389988A2B
                                                                                                                                                                                                                                                                                        SHA-256:ED628FDAFF64BE366D07F6CC4559EAE4DE109826F743EA7F5E1588C370BCA49A
                                                                                                                                                                                                                                                                                        SHA-512:40559A2C4890535B3F265AC188E40C0E38E43CF99C82B576117419DFDF05F3075B1ACCEE5609A4A890BFC8F279CC40D718AB2016D791527A4623811DE132E71B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:range-set ::= range ( logical-or range ) *.logical-or ::= ( ' ' ) * '||' ( ' ' ) *.range ::= hyphen | simple ( ' ' simple ) * | ''.hyphen ::= partial ' - ' partial.simple ::= primitive | partial | tilde | caret.primitive ::= ( '<' | '>' | '>=' | '<=' | '=' ) partial.partial ::= xr ( '.' xr ( '.' xr qualifier ? )? )?.xr ::= 'x' | 'X' | '*' | nr.nr ::= '0' | [1-9] ( [0-9] ) *.tilde ::= '~' partial.caret ::= '^' partial.qualifier ::= ( '-' pre )? ( '+' build )?.pre ::= parts.build ::= parts.parts ::= part ( '.' part ) *.part ::= nr | [-0-9A-Za-z]+.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):40812
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.964760278637615
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:aPOYpYDSlTzOW/T02dwJHjWRFk9kRLyzFhijOx2m9:yOYESl6WbdwJMFkFAKj9
                                                                                                                                                                                                                                                                                        MD5:DE16D03358135DDB5CCED4F242BE473D
                                                                                                                                                                                                                                                                                        SHA1:4B85B5F963842409AB87E7714887D2D7CDD4C727
                                                                                                                                                                                                                                                                                        SHA-256:433D72CFD2383F94C8266E3AF185841E60AE88D7345D79F87073F473119425D8
                                                                                                                                                                                                                                                                                        SHA-512:0007213771CCBFDF3B2027E0275CCED7836FA7FBBB10D49ACF73EB1BB0F8C74C9561C19A3CD491EB5CF92F59502EE0FA977C6C619409DD83D0E7EA3B1AC53E29
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:exports = module.exports = SemVer..var debug./* istanbul ignore next */.if (typeof process === 'object' &&. process.env &&. process.env.NODE_DEBUG &&. /\bsemver\b/i.test(process.env.NODE_DEBUG)) {. debug = function () {. var args = Array.prototype.slice.call(arguments, 0). args.unshift('SEMVER'). console.log.apply(console, args). }.} else {. debug = function () {}.}..// Note: this is the semver.org version of the spec that it implements.// Not necessarily the package version of this code..exports.SEMVER_SPEC_VERSION = '2.0.0'..var MAX_LENGTH = 256.var MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER ||. /* istanbul ignore next */ 9007199254740991..// Max safe segment length for coercion..var MAX_SAFE_COMPONENT_LENGTH = 16..var MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6..// The actual regexps go on exports.re.var re = exports.re = [].var safeRe = exports.safeRe = [].var src = exports.src = [].var R = 0..var LETTERDASHNUMBER = '[a-zA-Z0-9-]'..// Replace some greedy regex toke
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1081
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.084853799840722
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:b6NerOJH7H0yxgtAHw1hC09QHOsUv4tk4/+dpoaq/FD:b6ISJrlxEDdQHOs52TSaYFD
                                                                                                                                                                                                                                                                                        MD5:FB42E5AA12BB9E365D38B4B5691D6984
                                                                                                                                                                                                                                                                                        SHA1:0B07E9E19EDFDC78EE5954F0373459DBF7BA97F9
                                                                                                                                                                                                                                                                                        SHA-256:D4C2065E2B936E62A4EB400EFB4576EDEC9CA1388A9F78AA288E147275E7BC8B
                                                                                                                                                                                                                                                                                        SHA-512:50E2FFC46C70B93C6C6B22749CED928305C2D7CDA8D272D904E79A82094345DDB6ADDD5C26396EB60B65A5D13C49DE3ADD40E52A34765456180F51B21EBED7A2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:The MIT License (MIT)..Copyright (c) Feross Aboukhadijeh..Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of.the Software, and to permit persons to whom the Software is furnished to do so,.subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3973
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.772890495507467
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:DFdKq1JJkQN4UhvXfqyeRZoYA2AXemvEGr7qlwfWBw3tXMwSfrkdFS0+aJHG6MQi:DFdKqzJRBNPleRZoYA2AumvNr7qlweu4
                                                                                                                                                                                                                                                                                        MD5:DBFFEBC3B2F88AC8C4BE6E85E88309C6
                                                                                                                                                                                                                                                                                        SHA1:C7568774450A1C5CE981780A40C9536B2A9AA78F
                                                                                                                                                                                                                                                                                        SHA-256:D890D05E02B96325749879F6C6EA2333758B4055BAA8550A094FB4C598E2BC1B
                                                                                                                                                                                                                                                                                        SHA-512:F5BA0786FE1853485365D295F227DD782AA2998D82B458A0F47A41CA5DABE78ACA385A0FE9C267C58D0CDB55B548979A25C395A76FA002ADEC143B576D02FE05
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:module.exports = simpleGet..const concat = require('simple-concat').const decompressResponse = require('decompress-response') // excluded from browser build.const http = require('http').const https = require('https').const once = require('once').const querystring = require('querystring').const url = require('url')..const isStream = o => o !== null && typeof o === 'object' && typeof o.pipe === 'function'..function simpleGet (opts, cb) {. opts = Object.assign({ maxRedirects: 10 }, typeof opts === 'string' ? { url: opts } : opts). cb = once(cb).. if (opts.url) {. const { hostname, port, protocol, auth, path } = url.parse(opts.url) // eslint-disable-line node/no-deprecated-api. delete opts.url. if (!hostname && !port && !protocol && !auth) opts.path = path // Relative redirect. else Object.assign(opts, { hostname, port, protocol, auth, path }) // Absolute redirect. }.. const headers = { 'accept-encoding': 'gzip, deflate' }. if (opts.headers) Object.keys(opts.headers).forE
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):789
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.690997198342068
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:Ipy/2dtRfRXBwn1EtVNWSylZJKWEFoKRhAQwO:Ipkijjeyk7ZpEdhAQwO
                                                                                                                                                                                                                                                                                        MD5:6436D9A533B1C40A65B70EB1913D2FA2
                                                                                                                                                                                                                                                                                        SHA1:87C47599612582F30B29FFA5D3ECAB033EE33579
                                                                                                                                                                                                                                                                                        SHA-256:4D540E92E820490A9B02CE92E65AE0C6B229D3A8971A97F346BBB355BBF501DC
                                                                                                                                                                                                                                                                                        SHA-512:CD4B90364EB8B7061C0C613D91E99131F5E15E6E9C5B3D123D710BEB1D5A986AF7BF8F2439641147C297EB68865EFE7438801F7DC822F36BCDD05545CFB9C106
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "simple-get",. "description": "Simplest way to make http get requests. Supports HTTPS, redirects, gzip/deflate, streams in < 100 lines.",. "version": "3.1.1",. "author": {. "name": "Feross Aboukhadijeh",. "email": "feross@feross.org",. "url": "http://feross.org/". },. "browser": {. "decompress-response": false. },. "dependencies": {. "decompress-response": "^4.2.0",. "once": "^1.3.1",. "simple-concat": "^1.0.0". },. "devDependencies": {. "self-signed-https": "^1.0.5",. "standard": "*",. "string-to-stream": "^3.0.0",. "tape": "^4.0.0". },. "homepage": "https://github.com/feross/simple-get",. "license": "MIT",. "main": "index.js",. "repository": {. "type": "git",. "url": "git://github.com/feross/simple-get.git". }.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):741
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.164517709070232
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:PqVewJ0DNa25WtKpCH7pBB3COwloJyVA88R8+4Oa15rKmcGS0drFSwErn:PYJ0D1WtdH77BGmJyVA88R8BnrRcF0dO
                                                                                                                                                                                                                                                                                        MD5:6F6896167219A6E5ED1303F389294B60
                                                                                                                                                                                                                                                                                        SHA1:488A7F558004CDE30CD57C2EEAC1ACA4E2947A7A
                                                                                                                                                                                                                                                                                        SHA-256:7D88178FB35726264FA3A8500ABEAE44D5B585491EDF3CD5B0ECF4DEC1BBB299
                                                                                                                                                                                                                                                                                        SHA-512:C1C67EB5E059CAF188C7317DA4B56F44BC190EF7A2ED65267B277420849B96FAEDA11054FBD0B92FF0097BB03106262A36C365B19A44948C369F28E1B2D095DA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict';.var stripAnsi = require('strip-ansi');.var codePointAt = require('code-point-at');.var isFullwidthCodePoint = require('is-fullwidth-code-point');..// https://github.com/nodejs/io.js/blob/cff7300a578be1b10001f2d967aaedc88aee6402/lib/readline.js#L1345.module.exports = function (str) {..if (typeof str !== 'string' || str.length === 0) {...return 0;..}...var width = 0;...str = stripAnsi(str);...for (var i = 0; i < str.length; i++) {...var code = codePointAt(str, i);....// ignore control characters...if (code <= 0x1f || (code >= 0x7f && code <= 0x9f)) {....continue;...}....// surrogates...if (code >= 0x10000) {....i++;...}....if (isFullwidthCodePoint(code)) {....width += 2;...} else {....width++;...}..}...return width;.};.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1119
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.1078795238525405
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:bwrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:bwaJHlxE35QHOs5exm3ogF5n
                                                                                                                                                                                                                                                                                        MD5:A12EBCA0510A773644101A99A867D210
                                                                                                                                                                                                                                                                                        SHA1:0C94F137F6E0536DB8CB2622A9DC84253B91B90C
                                                                                                                                                                                                                                                                                        SHA-256:6FB9754611C20F6649F68805E8C990E83261F29316E29DE9E6CEDAE607B8634C
                                                                                                                                                                                                                                                                                        SHA-512:AE79E7A4209A451AEF6B78F7B0B88170E7A22335126AC345522BF4EAFE0818DA5865AAE1507C5DC0224EF854548C721DF9A84371822F36D50CBCD97FA946EEE9
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:The MIT License (MIT)..Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TO
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):590
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.589220777924428
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:Z18X3hd0JsiR+k/4SHtG3wnuPxk/GC6QtNiF0x0cIMp:Z1YheJt0S0geutwF0Wa
                                                                                                                                                                                                                                                                                        MD5:E6F27BFB862645F1EC21BEC9AB4048EE
                                                                                                                                                                                                                                                                                        SHA1:304531FB93A717B980385239E239B1A24F7C0436
                                                                                                                                                                                                                                                                                        SHA-256:C479ED4183A34EB912B880ABC86F49069312D4E9ECC12B605D396732FDC3999D
                                                                                                                                                                                                                                                                                        SHA-512:3D5ECE994706FAE060B649454D95EBD32868EB4E1C6CA58F72D91117EE44C6715083F2A5FF29CBF2C88762309AC51E497077301AAB826AA974019B81C7006274
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "string-width",. "version": "1.0.2",. "description": "Get the visual width of a string - the number of columns required to display it",. "license": "MIT",. "repository": "sindresorhus/string-width",. "author": {. "name": "Sindre Sorhus",. "email": "sindresorhus@gmail.com",. "url": "sindresorhus.com". },. "engines": {. "node": ">=0.10.0". },. "files": [. "index.js". ],. "dependencies": {. "code-point-at": "^1.0.0",. "is-fullwidth-code-point": "^1.0.0",. "strip-ansi": "^3.0.0". },. "devDependencies": {. "ava": "*",. "xo": "*". }.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2338
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.097111902986731
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:T5xxKaJ8YHvEH5QHOs5exm3oEFW9wnQiaJ8YHvEH5QHOs5exm3oEF5:TbxMssZQHTo59REssZQHToM
                                                                                                                                                                                                                                                                                        MD5:14AF51F8C0A6C6E400B53E18C6E5F85C
                                                                                                                                                                                                                                                                                        SHA1:36791EE8E28518F9FB92B51AD9E4247708BE9C55
                                                                                                                                                                                                                                                                                        SHA-256:11F2AAFB37D06B3EE5BDAF06E9811141D0DA05263C316F3D627F45C20D43261B
                                                                                                                                                                                                                                                                                        SHA-512:A7FFEF419C24A9420CE268A6F3C7CCA136BB47D2A33DA37D08BD5EA213A3F58E9E28375ED3BB457ECF7C0C1B3F1434366DA4E8BEF219482FCF599D804575E5FB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:Node.js is licensed for use as follows:..""".Copyright Node.js contributors. All rights reserved...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):9465
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.018409398586293
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:5QHleR/frl9e/lyUK3jhDNQxSSZOdfZCjS7EiQJRPLytV:5ke1l9cyU1SSQqytV
                                                                                                                                                                                                                                                                                        MD5:0D4D70BA095A2AF4AFD7069A295D2F6C
                                                                                                                                                                                                                                                                                        SHA1:440BD1828612D1E583E33A4EC304673A11C782AF
                                                                                                                                                                                                                                                                                        SHA-256:F1D36D47B2C579063392C1A68963467F2D4F51A069AF09EB068D974C63EE3B37
                                                                                                                                                                                                                                                                                        SHA-512:F527FCAA28387A43A4DF21C3C2E43E001B036A179383A61C58E194A33F67AC3CE445EF692D21E8F79139374F4A0749D1CEBD2CDB59A4D9B4D2EC71BFFD8B3BE2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:// Copyright Joyent, Inc. and other Node contributors..//.// Permission is hereby granted, free of charge, to any person obtaining a.// copy of this software and associated documentation files (the.// "Software"), to deal in the Software without restriction, including.// without limitation the rights to use, copy, modify, merge, publish,.// distribute, sublicense, and/or sell copies of the Software, and to permit.// persons to whom the Software is furnished to do so, subject to the.// following conditions:.//.// The above copyright notice and this permission notice shall be included.// in all copies or substantial portions of the Software..//.// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS.// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN.// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,.// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONT
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):514
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.724701028837968
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:iyzr1i/yEJfynN0mp9hFhP6WeObmF25WhyNoh5Whyz/:vr1iBzmp7Fp88WicWs/
                                                                                                                                                                                                                                                                                        MD5:D76FCD50A6553A9D65AAB07181C17D63
                                                                                                                                                                                                                                                                                        SHA1:93305D22FF05D0B79DDBAD2E03EE30446A3734AA
                                                                                                                                                                                                                                                                                        SHA-256:FFDF79E038970AEB9B6A2C5B2F2779E2E9BCFEFE779BFE197B19041D0D7EFE86
                                                                                                                                                                                                                                                                                        SHA-512:58AE754368E14FC62102B1B9FB5158A14089A45F933AE018CBFB6B55DD165C4CE1056E7278FD8B99C164054846855A445D8EB07F59E1220538C2F855D9E3642E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "string_decoder",. "version": "1.1.1",. "description": "The string_decoder module from Node core",. "main": "lib/string_decoder.js",. "dependencies": {. "safe-buffer": "~5.1.0". },. "devDependencies": {. "babel-polyfill": "^6.23.0",. "core-util-is": "^1.0.2",. "inherits": "^2.0.3",. "tap": "~0.4.8". },. "repository": {. "type": "git",. "url": "git://github.com/nodejs/string_decoder.git". },. "homepage": "https://github.com/nodejs/string_decoder",. "license": "MIT".}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):161
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6187918340464105
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:agW9EX+3TsL8XnUvQYBbfE0ZEZWxf+0WLcX2sR+:Qo8XUTB3K8fMcX2V
                                                                                                                                                                                                                                                                                        MD5:E2962C78C9C5968C399C26413CA3E8BC
                                                                                                                                                                                                                                                                                        SHA1:FA7B64A04C5989A1C9B78E83768B90384AC9ABCC
                                                                                                                                                                                                                                                                                        SHA-256:02ABCD70C31523C8C34FFAA7222629AE14B12CCD425E49FFA964A5051614691C
                                                                                                                                                                                                                                                                                        SHA-512:4126A813C6458AA1E88D57F5D6F6EB3A7B7D0DB5288173903F74557D0D63BAF2B6753E0301BD08ABED1F8BEDBBDF50CA0D326475B467201C0B649E58990428D1
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict';.var ansiRegex = require('ansi-regex')();..module.exports = function (str) {..return typeof str === 'string' ? str.replace(ansiRegex, '') : str;.};.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1119
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.1078795238525405
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:bwrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:bwaJHlxE35QHOs5exm3ogF5n
                                                                                                                                                                                                                                                                                        MD5:A12EBCA0510A773644101A99A867D210
                                                                                                                                                                                                                                                                                        SHA1:0C94F137F6E0536DB8CB2622A9DC84253B91B90C
                                                                                                                                                                                                                                                                                        SHA-256:6FB9754611C20F6649F68805E8C990E83261F29316E29DE9E6CEDAE607B8634C
                                                                                                                                                                                                                                                                                        SHA-512:AE79E7A4209A451AEF6B78F7B0B88170E7A22335126AC345522BF4EAFE0818DA5865AAE1507C5DC0224EF854548C721DF9A84371822F36D50CBCD97FA946EEE9
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:The MIT License (MIT)..Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TO
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):658
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.7594365116472535
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:Bt1nXoqjBFD745b4SHtG3wnEtfdt/P0vj7EpPxk/GCfc0cIMp:Bt1XfjBpI0S0g6PUUIa
                                                                                                                                                                                                                                                                                        MD5:62AA426528B1252BEB6AAEC2AA00C13B
                                                                                                                                                                                                                                                                                        SHA1:73DABF7C970FDC9E463EBF8A744724A633417EAB
                                                                                                                                                                                                                                                                                        SHA-256:630CD995481567858A023F77C88722AAFD373B1BFDE5CB515E37D5C312DACC8F
                                                                                                                                                                                                                                                                                        SHA-512:FDA8BFC417188FAC6F69FFC3D58194F7E7C75F0894832CA61CD43C86C01A198571B6BC622022AAEC27C0151292E2D4E1E42CB16652A1A12CCB6A17020B06C194
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "strip-ansi",. "version": "3.0.1",. "description": "Strip ANSI escape codes",. "license": "MIT",. "repository": "chalk/strip-ansi",. "author": {. "name": "Sindre Sorhus",. "email": "sindresorhus@gmail.com",. "url": "sindresorhus.com". },. "maintainers": [. "Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)",. "Joshua Boy Nicolai Appelman <joshua@jbna.nl> (jbna.nl)",. "JD Ballard <i.am.qix@gmail.com> (github.com/qix-)". ],. "engines": {. "node": ">=0.10.0". },. "files": [. "index.js". ],. "dependencies": {. "ansi-regex": "^2.0.0". },. "devDependencies": {. "ava": "*",. "xo": "*". }.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):919
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.728215770459524
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:41VLODjPj9DHgoAQYly6i530gObQPFY0/A:gViDrxDHgoAxXhva+0Y
                                                                                                                                                                                                                                                                                        MD5:94166DF58D712C313447906A449CE710
                                                                                                                                                                                                                                                                                        SHA1:D7BF4122D5DB1404D832F2A0A1BEDD1DF234D115
                                                                                                                                                                                                                                                                                        SHA-256:88D3D6CA0696AED98CF288E99E4F56E0ED884FE11C93C89CC5868F2872315C05
                                                                                                                                                                                                                                                                                        SHA-512:AC30F9E0489F6001EAED2332DF90B0D2BC49D23F27925E5F97B2A3D54B8D6542DE9DC0B682ECA2FA9130683919596E93E9181F47134EBDCD29799D3CC5C55048
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "registry-js",. "version": "1.16.0",. "description": "A simple and opinionated library for working with the Windows registry",. "main": "dist/lib/index.js",. "typings": "dist/lib/index.d.ts",. "repository": {. "type": "git",. "url": "git+https://github.com/desktop/registry-js.git". },. "author": "",. "license": "MIT",. "homepage": "https://github.com/desktop/registry-js#readme",. "devDependencies": {. "@types/benchmark": "^1.0.31",. "@types/jest": "^26.0.13",. "@types/node": "^12.0.0",. "benchmark": "^2.1.4",. "jest": "^26.4.2",. "node-abi": "^2.21.0",. "prebuild": "^10.0.1",. "prettier": "^2.0.5",. "ts-node": "^9.0.0",. "typescript": "^3.9.0". },. "dependencies": {. "node-addon-api": "^3.1.0",. "prebuild-install": "^5.3.5". },. "binary": {. "napi_versions": [. 3. ]. },. "config": {. "runtime": "napi",. "target": 3. }.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1460
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.112994396210687
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:QBUneZXobbOOrXqFTOJYrXqFTzlajJhDBTPH96432s4EOkUs8QROJ32s3yxsITfx:Q9+OOrXqJlrXqJzUhVPd6432sv832s3C
                                                                                                                                                                                                                                                                                        MD5:79558839A9DB3E807E4AE6F8CD100C1C
                                                                                                                                                                                                                                                                                        SHA1:AE3DBCEE04C86FBC589FCF2547D4AAAEB41DB3C2
                                                                                                                                                                                                                                                                                        SHA-256:7686F81E580CD6774F609A2D8A41B2CEBDF79BC30E6B46C3EFFF5A656158981C
                                                                                                                                                                                                                                                                                        SHA-512:B42C93F2B097AFA6E09D79ED045B4DD293DF2C29D91DDA5DDA04084D3329B721A6AA92A6AD6714564386A7928E9AF9195AC310DEECD37A93BB04B6A6F744BE46
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:Copyright (c) MapBox.All rights reserved...Redistribution and use in source and binary forms, with or without modification,.are permitted provided that the following conditions are met:..- Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer..- Redistributions in binary form must reproduce the above copyright notice, this. list of conditions and the following disclaimer in the documentation and/or. other materials provided with the distribution..- Neither the name "MapBox" nor the names of its contributors may be. used to endorse or promote products derived from this software without. specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE.DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1892864
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.574493294167515
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:49152:AVtIA1xRrGLYLn9M+BMPPivsICK9rzoNEqt:mtH4X3inMZt
                                                                                                                                                                                                                                                                                        MD5:55C17FC28239B0E8EA873F9C9C4E2C02
                                                                                                                                                                                                                                                                                        SHA1:C1BE46FC03E63EAE5145018C1EE3E70B3AF9338F
                                                                                                                                                                                                                                                                                        SHA-256:85EC4E3BCEC60EC481CD712B4FCBE83631D5AC1E189A87B08A33E1C85F206A66
                                                                                                                                                                                                                                                                                        SHA-512:4D670CF1A2D88452B0D384044F0D0C0F83475E0844711DF5420C0CFD0567AC6B655AA75FDA81DD2F35BBE7DB6C380F0B50E3C6F1D9506096EF17F8D3A8CAB7D2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1322
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.269649469997749
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:4FzFrBZ5w7rKBFrI/3+N1+QmU2fFqySKEFI/3EBm0ZJb/0+QmU2fFqyae:4FzF1ZSrKBy/m1+zU2MySKEy/EQgq+zx
                                                                                                                                                                                                                                                                                        MD5:0AD55AE01864DF3767D7B61678BD326E
                                                                                                                                                                                                                                                                                        SHA1:FFEDCC19095FD54F8619F00F55074F275CEDDFD6
                                                                                                                                                                                                                                                                                        SHA-256:4D65F2899FB54955218F28EC358A2CAD2C2074A7B43F862933C6A35E69AE0632
                                                                                                                                                                                                                                                                                        SHA-512:AAEE895D110D67E87ED1E8ED6557B060A0575F466A947A4F59CC9D111381E1AF6AA54D432233716C78F146168D548A726FED1EAB2B3F09BB71E0AE7F4FDC69E3
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. 'variables': {. 'sqlite_version%':'3440200',. "toolset%":'',. },. 'target_defaults': {. 'default_configuration': 'Release',. 'conditions': [. [ 'toolset!=""', {. 'msbuild_toolset':'<(toolset)'. }]. ],. 'configurations': {. 'Debug': {. 'defines!': [. 'NDEBUG'. ],. 'cflags_cc!': [. '-O3',. '-Os',. '-DNDEBUG'. ],. 'xcode_settings': {. 'OTHER_CPLUSPLUSFLAGS!': [. '-O3',. '-Os',. '-DDEBUG'. ],. 'GCC_OPTIMIZATION_LEVEL': '0',. 'GCC_GENERATE_DEBUGGING_SYMBOLS': 'YES'. },. 'msvs_settings': {. 'VCCLCompilerTool': {. 'ExceptionHandling': 1, # /EHsc. }. }. },. 'Release': {. 'defines': [. 'NDEBUG'. ],. 'xcode_settings': {. 'OTHER_CPLUSPLUSFLAGS!': [. '-Os',. '-O2'. ],. 'GCC_
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):224
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.702985304607579
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:5XFbUlycyp1wNQXkIY+lGAWMbVLWINHVY+lGAWM9wvyxXvn+LMOfr+HIdUyfFahX:5E360iGzMFNVPGzM+Ev+4OTdUyfF1w
                                                                                                                                                                                                                                                                                        MD5:F0A82A6A6043BF87899114337C67DF6C
                                                                                                                                                                                                                                                                                        SHA1:A906C146EB0A359742FF85C1D96A095BD0DD95FD
                                                                                                                                                                                                                                                                                        SHA-256:5BE353D29C0FABEA29CFD34448C196DA9506009C0B20FDE55E01D4191941DD74
                                                                                                                                                                                                                                                                                        SHA-512:D26879F890226808D9BD2644C5CA85CC339760E86B330212505706E5749464FAFAD1CB5F018C59A8F034D68D327CD3FA5234CEAC0677DE1AC9AE09039F574240
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:const tar = require("tar");.const path = require("path");.const tarball = path.resolve(process.argv[2]);.const dirname = path.resolve(process.argv[3]);..tar.extract({. sync: true,. file: tarball,. cwd: dirname,.});.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:gzip compressed data, from Unix, original size modulo 2^32 12625920
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3204841
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.999490325438607
                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                        SSDEEP:49152:ZROqVtTXPm/3DfYnW3vYkidsYIzCD8BJXKU0UzHOu67Rs5q9CVxaPdWKAz:/mDsWfYkfO8JXZzHuW5qqx8h0
                                                                                                                                                                                                                                                                                        MD5:C02F40FD4F809CED95096250ADC5764A
                                                                                                                                                                                                                                                                                        SHA1:8398DD159F3A1FD8F1C5EDF02C687512EAAB69E4
                                                                                                                                                                                                                                                                                        SHA-256:1C6719A148BC41CF0F2BBBE3926D7CE3F5CA09D878F1246FCC20767B175BB407
                                                                                                                                                                                                                                                                                        SHA-512:59AD55DF15EB84430F5286DB2E5CEDDD6CA1FC207A6343546A365C0C1BAF20258E96C53D2AD48B50385608D03DE09A692AE834CB78A39D1A48CB36A05722E402
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3021
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.679912791477012
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:RnwwZfKrK3zU2oKHzU2dWDU24L4Sq6LdZHDQ3JD7Sx+6xPByrEieDH+hydsIbAAh:SwZyrK3zPoKHzPdWDP4L4SddZHE3JXSz
                                                                                                                                                                                                                                                                                        MD5:0E4D1D898D697EC33A9AD8A27F0483BF
                                                                                                                                                                                                                                                                                        SHA1:1505F707A17F35723CD268744C189D8DF47BB3A3
                                                                                                                                                                                                                                                                                        SHA-256:8793F62B1133892BA376D18A15F552EF12B1E016F7E5DF32FFB7279B760C11BD
                                                                                                                                                                                                                                                                                        SHA-512:C530ABA70E5555A27D547562D8B826B186540068AF9B4CCD01483EC39F083A991AC11D0CC66F40ACAA8B03D774080F227EE705A38995F356A14ABE6E5F97B545
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. 'includes': [ 'common-sqlite.gypi' ],.. 'variables': {. 'sqlite_magic%': '',. },.. 'target_defaults': {. 'default_configuration': 'Release',. 'cflags':[. '-std=c99'. ],. 'configurations': {. 'Debug': {. 'defines': [ 'DEBUG', '_DEBUG' ],. 'msvs_settings': {. 'VCCLCompilerTool': {. 'RuntimeLibrary': 1, # static debug. },. },. },. 'Release': {. 'defines': [ 'NDEBUG' ],. 'msvs_settings': {. 'VCCLCompilerTool': {. 'RuntimeLibrary': 0, # static release. },. },. }. },. 'msvs_settings': {. 'VCCLCompilerTool': {. },. 'VCLibrarianTool': {. },. 'VCLinkerTool': {. 'GenerateDebugInformation': 'true',. },. },. 'conditions': [. ['OS == "win"', {. 'defines': [. 'WIN32'. ],. }]. ],. },.. 'targets': [. {. 'target_name': 'action_before_build',. 'type': 'none',.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):59
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.439231872095227
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:3BBBbJvHEb9UJMRzL+BMev:xBBdHWDRnA
                                                                                                                                                                                                                                                                                        MD5:8582B2DCAED9C5A6F3B7CFE150545254
                                                                                                                                                                                                                                                                                        SHA1:14667874E0BFBE4FFC951F3E4BEC7C5CF44E5A81
                                                                                                                                                                                                                                                                                        SHA-256:762C7A74D7F92860A3873487B68E89F654A21D2AAEAE9524EAB5DE9C65E66A9C
                                                                                                                                                                                                                                                                                        SHA-512:22EC4DF7697322B23AE2E73C692ED5C925D50FDE2B7E72BFC2D5DD873E2DA51834B920DEA7C67CCA5733E8A3F5E603805762E8BE238C651AA40290452843411D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:module.exports = require('bindings')('node_sqlite3.node');.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):6365
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.5893883775756406
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:QoM2Wd0WmO6pM+tPtVRhoh3hG/h1goWPQfAcCy7gPQbQwZQiR893+9dY:npM0I6aPkd/K
                                                                                                                                                                                                                                                                                        MD5:275019A4199A84CFD18ABD0F1AE497AA
                                                                                                                                                                                                                                                                                        SHA1:8601683F9B6206E525E4A087A7CCA40D07828FD8
                                                                                                                                                                                                                                                                                        SHA-256:8D6B400AE7F69A80D0CDD37A968D7B9A913661FA53475E5B8DE49DDA21684973
                                                                                                                                                                                                                                                                                        SHA-512:6422249CCD710973F15D1242A8156D98FA8BDEA820012DF669E5363C50C5D8492D21FFEFCDFA05B46C3C18033DDE30F03349E880A4943FEDA8D1EE3C00F952B0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:const path = require('path');.const sqlite3 = require('./sqlite3-binding.js');.const EventEmitter = require('events').EventEmitter;.module.exports = exports = sqlite3;..function normalizeMethod (fn) {. return function (sql) {. let errBack;. const args = Array.prototype.slice.call(arguments, 1);.. if (typeof args[args.length - 1] === 'function') {. const callback = args[args.length - 1];. errBack = function(err) {. if (err) {. callback(err);. }. };. }. const statement = new Statement(this, sql, errBack);. return fn.call(this, statement, args);. };.}..function inherits(target, source) {. for (const k in source.prototype). target.prototype[k] = source.prototype[k];.}..sqlite3.cached = {. Database: function(file, a, b) {. if (file === '' || file === ':memory:') {. // Don't cache special databases.. return new Database(fi
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1357
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.369532219363835
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:aXbwFF8Sg5eV71awdNDm+vl0dU6LNS0Gl9INNAO+BIynqRiMqUc0Zz:Sbw4SiS17dN7d0LLUfI0OWIynqRiMqUr
                                                                                                                                                                                                                                                                                        MD5:E5C2DE3C74BC66D4906BB34591859A5F
                                                                                                                                                                                                                                                                                        SHA1:37EC527D9798D43898108080506126B4146334E7
                                                                                                                                                                                                                                                                                        SHA-256:D06CAEC6136120C6FB7EE3681B1CA949E8B634E747EA8D3080C90F35AEB7728F
                                                                                                                                                                                                                                                                                        SHA-512:E250E53DAE618929CBF3CB2F1084A105D3A78BDFB6BB29E290F63A1FD5FBB5B2FAB934AD16BC285E245D749A90C84BDC72FDC1A77AF912B7356C18B0B197FBE5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:// Inspired by https://github.com/tlrobinson/long-stack-traces.const util = require('util');..function extendTrace(object, property, pos) {. const old = object[property];. object[property] = function() {. const error = new Error();. const name = object.constructor.name + '#' + property + '(' +. Array.prototype.slice.call(arguments).map(function(el) {. return util.inspect(el, false, 0);. }).join(', ') + ')';.. if (typeof pos === 'undefined') pos = -1;. if (pos < 0) pos += arguments.length;. const cb = arguments[pos];. if (typeof arguments[pos] === 'function') {. arguments[pos] = function replacement() {. const err = arguments[0];. if (err && err.stack && !err.__augmented) {. err.stack = filter(err).join('\n');. err.stack += '\n--> in ' + name;. err.stack += '\n' + filter(error).slice(1).join('\n');.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (460)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1150
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.128918748605585
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:bH9WHtIr4JHBH0yPP3gtAHw1hl9QHcsUv48Ok4/+dbo3oqxFD:bdUtI8JplPvEDvQHcs5ITc3omFD
                                                                                                                                                                                                                                                                                        MD5:FC3FF1120869BE6B3CCE17F9A06BFE2E
                                                                                                                                                                                                                                                                                        SHA1:59CBD579B31F0C6932DEAF31D0181203C501C9B1
                                                                                                                                                                                                                                                                                        SHA-256:89024017B88A9F2B763F79B941A4F2DB3B4428EDFCACDC0B23866B2DA633AD0C
                                                                                                                                                                                                                                                                                        SHA-512:54481C328231787E3319E8678B56B0C898BB6D7B1302A7C74320060116FC03A6D747D02DF068BBA7960A71A78608F3A5B40A3E110BAE107D41BB40988D8FC2B2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:The MIT License (MIT)..Copyright (c) 2017 [Node.js API collaborators](https://github.com/nodejs/node-addon-api#collaborators)..Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETH
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):724
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.176944134630747
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:mCtwwcw9cVmlCLRLCv9cxznCGyNeR0a5VCTze5hsLV2FfWN+AEuQcWnqLpA5UNnL:4lwDuRWGyNeR0gYSTsLgjAEFn8A5QHiC
                                                                                                                                                                                                                                                                                        MD5:3B40C0A5CB6A8389C9A2CB3F25282D7A
                                                                                                                                                                                                                                                                                        SHA1:7A3C3551EC4D896D96E5ADB31606367BF4D4011C
                                                                                                                                                                                                                                                                                        SHA-256:60083CA8544CFEE3B47CE2AE1FAF394DA40BF24722AD4FB7828EB9598E8101D6
                                                                                                                                                                                                                                                                                        SHA-512:F05C7CE5558731CE30CA17EF1B952DCF15C54641B784E09EC4272150041016B5B016845B36B337C84B63A63A8F8937CB61D3A07ACD2D9DC7E74E4DC258614E89
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. 'variables': {. 'NAPI_VERSION%': "<!(node -p \"process.env.NAPI_VERSION || process.versions.napi\")",. 'disable_deprecated': "<!(node -p \"process.env['npm_config_disable_deprecated']\")". },. 'conditions': [. ['NAPI_VERSION!=""', { 'defines': ['NAPI_VERSION=<@(NAPI_VERSION)'] } ],. ['disable_deprecated=="true"', {. 'defines': ['NODE_ADDON_API_DISABLE_DEPRECATED']. }],. ['OS=="mac"', {. 'cflags+': ['-fvisibility=hidden'],. 'xcode_settings': {. 'OTHER_CFLAGS': ['-fvisibility=hidden']. }. }]. ],. 'cflags': [ '-Werror', '-Wall', '-Wextra', '-Wpedantic', '-Wunused-parameter' ],. 'cflags_cc': [ '-Werror', '-Wall', '-Wextra', '-Wpedantic', '-Wunused-parameter' ].}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):560
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.74785336192161
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:GeUuvuHL3dVjE4p0C9aYWilpQcWYBJbyGaOXH4:GeFvuHDp0QoYBJNI
                                                                                                                                                                                                                                                                                        MD5:1FE1FF8CA630AC3F8A8B9C4AC7E08AAD
                                                                                                                                                                                                                                                                                        SHA1:5D5716C9CAC44EEB2D911CCE7DC68F32BF49D47C
                                                                                                                                                                                                                                                                                        SHA-256:DDBC09F5B66FE24DD898FBE659085A6FF72E9575025004FC3762271DBA781E8B
                                                                                                                                                                                                                                                                                        SHA-512:F34EABBB5C9539EC64F9470754783E8D2AD004F2F1613DDF2A4E7CBF2D3E0427496B60ACB3D2E0CE03D68E38117351E88EF1D2A9123659A0556F0A3D0DFF50A7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. 'defines': [ 'NAPI_CPP_EXCEPTIONS' ],. 'cflags!': [ '-fno-exceptions' ],. 'cflags_cc!': [ '-fno-exceptions' ],. 'conditions': [. ["OS=='win'", {. "defines": [. "_HAS_EXCEPTIONS=1". ],. "msvs_settings": {. "VCCLCompilerTool": {. "ExceptionHandling": 1,. 'EnablePREfast': 'true',. },. },. }],. ["OS=='mac'", {. 'xcode_settings': {. 'GCC_ENABLE_CPP_EXCEPTIONS': 'YES',. 'CLANG_CXX_LIBRARY': 'libc++',. 'MACOSX_DEPLOYMENT_TARGET': '10.7',. },. }],. ],.}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):377
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.875137951099572
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:FcPAhheOTfL6RTBSElAbEgjZ2JwKjlA3uyeAhCVehpmM2LH7AwehpCBlEpE0kT:C4TeM6RTBiggjs/u3vfAM2rLbAweyBl7
                                                                                                                                                                                                                                                                                        MD5:76046A66F40449026E5B595AD0424518
                                                                                                                                                                                                                                                                                        SHA1:11A716C723F52E55494C0F1FC48DFCFAE23A848F
                                                                                                                                                                                                                                                                                        SHA-256:BE71328F325CF541F37704A644E53CD04AF1B69BC119B39733D64589E64DFFDB
                                                                                                                                                                                                                                                                                        SHA-512:ECF086016A9B06F9970D919E3AEAA138BD8311F86AB93999B9487E8B1BF124BFBFE0D856AAED1C01601DF85C6FED13B2E640D05C14A148010B03049BE10F3883
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:const path = require('path');..const includeDir = path.relative('.', __dirname);..module.exports = {. include: `"${__dirname}"`, // deprecated, can be removed as part of 4.0.0. include_dir: includeDir,. gyp: path.join(includeDir, 'node_api.gyp:nothing'), // deprecated.. targets: path.join(includeDir, 'node_addon_api.gyp'),. isNodeApiBuiltin: true,. needsFlag: false.};.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):6323
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.324246293418274
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:2h3Gk+qh6Ge1gT0xUHggy0xxE7itK9NlDit/9r5:2hWk+qhjGgWUHggPx8itkNlDitlF
                                                                                                                                                                                                                                                                                        MD5:AFA451C950B59BF34189CF627881FC38
                                                                                                                                                                                                                                                                                        SHA1:F420000CB09F5546BD8F04D69C9736F6511AC46E
                                                                                                                                                                                                                                                                                        SHA-256:B66ED1E565E735BBFABCC2F72D466AB7C5414D3EF8851D1AF440B81BE7F2375C
                                                                                                                                                                                                                                                                                        SHA-512:3B85FC0BB429FF1519B697BF7B543E8265224BB9027CEB6A947BDF6108DFF56DF797D911E6F42F74664AE9AF798B060BEC1B081065EBE67286725F22445388D6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#ifndef SRC_NAPI_INL_DEPRECATED_H_.#define SRC_NAPI_INL_DEPRECATED_H_..////////////////////////////////////////////////////////////////////////////////.// PropertyDescriptor class.////////////////////////////////////////////////////////////////////////////////..template <typename Getter>.inline PropertyDescriptor PropertyDescriptor::Accessor(. const char* utf8name,. Getter getter,. napi_property_attributes attributes,. void* /*data*/) {. using CbData = details::CallbackData<Getter, Napi::Value>;. // TODO: Delete when the function is destroyed. auto callbackData = new CbData({getter, nullptr});.. return PropertyDescriptor({utf8name,. nullptr,. nullptr,. CbData::Wrapper,. nullptr,. nullptr,. attributes,. callbackData});.}..template <typename Getter>.inline PropertyDescriptor Prop
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
Size (bytes):219411
Entropy (8bit):4.936498759320801
Encrypted:false
SSDEEP:6144:FXs+DJEkNBA8iOV65H05Ho8mhRMf3t/FtapJiK5rflzb/QNJnThjODNjZXobBHb5:FXs8EkNBA8iOV65H05Ho8mhRMf3t/FtD
MD5:EEABF0F97BC38EF266CA00C3AE93C65A
SHA1:B5E210F136E169374FA1A421896EF3D9AE57865C
SHA-256:4B053C184DFED740FBD802FDCF97E85FB8C7B0EB1D83322000D932D31662EDA7
SHA-512:AFDEBB4991BA10FC668C5BCA74AF6E012BAEBA5729169B18FE439FBE85DDAEBF27F9AC89B0459C403595577121246234F2D09A2C9199E5E980812CA61E46EBC7
Malicious:false
Reputation:unknown
Preview:#ifndef SRC_NAPI_INL_H_.#define SRC_NAPI_INL_H_..////////////////////////////////////////////////////////////////////////////////.// Node-API C++ Wrapper Classes.//.// Inline header-only implementations for "Node-API" ABI-stable C APIs for.// Node.js..////////////////////////////////////////////////////////////////////////////////..// Note: Do not include this file directly! Include "napi.h" instead...#include <algorithm>.#include <cstring>.#if NAPI_HAS_THREADS.#include <mutex>.#endif // NAPI_HAS_THREADS.#include <type_traits>.#include <utility>..namespace Napi {..#ifdef NAPI_CPP_CUSTOM_NAMESPACE.namespace NAPI_CPP_CUSTOM_NAMESPACE {.#endif..// Helpers to handle functions exposed from C++ and internal constants..namespace details {..// New napi_status constants not yet available in all supported versions of.// Node.js releases. Only necessary when they are used in napi.h and napi-inl.h..constexpr int napi_no_external_buffers_allowed = 22;..template <typename FreeType>.inline void defa
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:C++ source, ASCII text
Category:dropped
Size (bytes):115423
Entropy (8bit):4.8106882141048875
Encrypted:false
SSDEEP:1536:JRElFe9P2PLtK2nrmsr7N11zKmRZmJu6dSRViYcE:JWe9PmTHr7N11DZmJ/dQ/cE
MD5:7E2699EFB1E4ADFC553C568FAF7E8684
SHA1:A7E78CAFB8E4360AC8DD95D7F1D8AA79029C6511
SHA-256:2F2F5D1E4CA96F315C51AD96C292C18294DBB999B98F8B2F33B80816A3189FB0
SHA-512:F102BA1E882A850F8229F88AA115E115ED2F73DE00DF5CBFCCF2C81969DA8A40C26B06DABAB636F2FBA6260BA0A4DCC928EC9DC06E7870978F3C67DE3C60A578
Malicious:false
Reputation:unknown
Preview:#ifndef SRC_NAPI_H_.#define SRC_NAPI_H_..#ifndef NAPI_HAS_THREADS.#if !defined(__wasm__) || (defined(__EMSCRIPTEN_PTHREADS__) || \. (defined(__wasi__) && defined(_REENTRANT))).#define NAPI_HAS_THREADS 1.#else.#define NAPI_HAS_THREADS 0.#endif.#endif..#include <node_api.h>.#include <functional>.#include <initializer_list>.#include <memory>.#if NAPI_HAS_THREADS.#include <mutex>.#endif // NAPI_HAS_THREADS.#include <string>.#include <vector>..// VS2015 RTM has bugs with constexpr, so require min of VS2015 Update 3 (known.// good version).#if !defined(_MSC_VER) || _MSC_FULL_VER >= 190024210.#define NAPI_HAS_CONSTEXPR 1.#endif..// VS2013 does not support char16_t literal strings, so we'll work around it.// using wchar_t strings and casting them. This is safe as long as the character.// sizes are the same..#if defined(_MSC_VER) && _MSC_VER <= 1800.static_assert(sizeof(char16_t) == sizeof(wchar_t),. "Size mismatch between char16_t and wch
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:ASCII text
Category:dropped
Size (bytes):793
Entropy (8bit):4.268400332144667
Encrypted:false
SSDEEP:24:2YT/F/ta+M7/l0hYTlta+M7ul0hYT4ta+M7/lsTs5C:284+3hh+whs+rg5C
MD5:11A027235C92C4253B61B1B7595FF761
SHA1:F44CC4179B8B5AEBF5C8160F3C317ABCA62F658B
SHA-256:A1F080CA22F191902D118BC2A169984A9E761AF091CA6D0EA456197BF7B6543C
SHA-512:4386611FD3BDCC9CD041E17A6B5B7939C13F75733F3D2B56FBCB8A5C37D431C28139E680B5AAF78D1956FED965630F72364E4A51F9F57247784BE9FB33383CEF
Malicious:false
Reputation:unknown
Preview:{. 'targets': [. {. 'target_name': 'node_addon_api',. 'type': 'none',. 'sources': [ 'napi.h', 'napi-inl.h' ],. 'direct_dependent_settings': {. 'include_dirs': [ '.' ],. 'includes': ['noexcept.gypi'],. }. },. {. 'target_name': 'node_addon_api_except',. 'type': 'none',. 'sources': [ 'napi.h', 'napi-inl.h' ],. 'direct_dependent_settings': {. 'include_dirs': [ '.' ],. 'includes': ['except.gypi'],. }. },. {. 'target_name': 'node_addon_api_maybe',. 'type': 'none',. 'sources': [ 'napi.h', 'napi-inl.h' ],. 'direct_dependent_settings': {. 'include_dirs': [ '.' ],. 'includes': ['noexcept.gypi'],. 'defines': ['NODE_ADDON_API_ENABLE_MAYBE']. }. },. ].}.
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:ASCII text
Category:dropped
Size (bytes):132
Entropy (8bit):4.010854302019321
Encrypted:false
SSDEEP:3:S9Wcz/t969fFIKNKFNFt5wDAvXFuCGQj+mGsFFFiCYv:S9Wa96aFd5UJmhKbv
MD5:FCEC1557AC47891385AE1F67E6DA343A
SHA1:E361D3A3BE19E802820F2FE59BFDF7C9EF72FC74
SHA-256:3CD2C44FB0974F016376B676D46BBEBBCA7C89D4383B09ECE30E4CB4122A1499
SHA-512:43715845F701ABDC09FE59D33E3F61E19278ABBACB122EDAF1B26DE55BD80B3354B76D5616905C8038EB6158C3399162B40A73742B7E4C733B3AC187E9DB0AA3
Malicious:false
Reputation:unknown
Preview:{. 'targets': [. {. 'target_name': 'nothing',. 'type': 'static_library',. 'sources': [ 'nothing.c' ]. }. ].}.
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:ASCII text
Category:dropped
Size (bytes):639
Entropy (8bit):4.818477314989795
Encrypted:false
SSDEEP:12:GeTs7VmEvuHVyDb143FeVjEaM9aYWilpQcWbyGaOXAV4:GeTeMEvuHN0QoNwS
MD5:D75852A9F1E16B44A8E8D568CD2CEF04
SHA1:4BF93F1EF3E5875CC40632CF229DEA170C8F03B3
SHA-256:494060B87197C489497A038504147C435B1D09306152048ADD42BA0D7D16E747
SHA-512:857923151649B77E35C0D1A4F3191FE65463AB2FB5746256692F96F8DC810A9E40EEFA85EAA8141AFED49DD896F7CB58E2EB4893F94B40E4259718C50B93074C
Malicious:false
Reputation:unknown
Preview:{. 'defines': [ 'NAPI_DISABLE_CPP_EXCEPTIONS' ],. 'cflags': [ '-fno-exceptions' ],. 'cflags_cc': [ '-fno-exceptions' ],. 'conditions': [. ["OS=='win'", {. # _HAS_EXCEPTIONS is already defined and set to 0 in common.gypi. #"defines": [. # "_HAS_EXCEPTIONS=0". #],. "msvs_settings": {. "VCCLCompilerTool": {. 'ExceptionHandling': 0,. 'EnablePREfast': 'true',. },. },. }],. ["OS=='mac'", {. 'xcode_settings': {. 'CLANG_CXX_LIBRARY': 'libc++',. 'MACOSX_DEPLOYMENT_TARGET': '10.7',. 'GCC_ENABLE_CPP_EXCEPTIONS': 'NO',. },. }],. ],.}.
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:JSON data
Category:dropped
Size (bytes):467
Entropy (8bit):4.019589958784576
Encrypted:false
SSDEEP:6:lQS1kS0NwPpUjCAnqHZmA/yOQzFwWJBBzz5WQrBy+qkZGx5WKvNCL1e9TuPi1/zL:d1d0Nc0qKRzrnP5WI8+8x5W5eTT9v
MD5:33E3FB94807BCD5102535F476C6A46A8
SHA1:DEDC07E9973F104E29D2EEE9AD3468B0F40DD620
SHA-256:B1CB7DA23CCA1681C7392A3C889EB0CC4916C53D2D7692D4B654AE751F3442F3
SHA-512:BBC762C8886EC78FD889B46ABFD9F9ACA7F5D2CADBF9676F6A010026D4056CAA076516380B3C0737C61962E8BB5B0555095DD0386C99D9DA773C200CFA130755
Malicious:false
Reputation:unknown
Preview:{. "versions": [. {. "version": "*",. "target": {. "node": "active". },. "response": {. "type": "time-permitting",. "paid": false,. "contact": {. "name": "node-addon-api team",. "url": "https://github.com/nodejs/node-addon-api/issues". }. },. "backing": [ { "project": "https://github.com/nodejs" },. { "foundation": "https://openjsf.org/" }. ]. }. ].}.
Process:C:\Users\user\Desktop\Yoranis Setup.exe
File Type:JSON data
Category:dropped
Size (bytes):928
Entropy (8bit):4.802440839392239
Encrypted:false
SSDEEP:12:m6fItW6KgQVcIL+zi5Z7Xsn8r1gk4h5WIK6a2HHbmF25WIYkVG38S/Fq1Eku:m6kW6OcIL+eZ48JrIW068W3Md1lu
MD5:CFFD26F7951AA53579CDCB8684C8173C
SHA1:AB930E4C9613A991EC650C99BD2DE1F6225E2D8C
SHA-256:E9E737176E64BC99A3AABA4300AABEDEA056FC44F4D7F2B3C12943A2FC0A21C3
SHA-512:44112630E6E4A9FD72BF0A4188FAAE3E241A69DFBE41C4F0DB58F43FC78822F080F39166C7A9AC0E136D4F325E3FEA653E8AD87C5039FED747F5BEED6D64373B
Malicious:false
Reputation:unknown
Preview:{. "description": "Node.js API (Node-API)",. "devDependencies": {. "benchmark": "^2.1.4",. "bindings": "^1.5.0",. "clang-format": "^1.4.0",. "eslint": "^7.32.0",. "eslint-config-semistandard": "^16.0.0",. "eslint-config-standard": "^16.0.3",. "eslint-plugin-import": "^2.24.2",. "eslint-plugin-node": "^11.1.0",. "eslint-plugin-promise": "^5.1.0",. "fs-extra": "^11.1.1",. "path": "^0.12.7",. "pre-commit": "^1.2.2",. "safe-buffer": "^5.1.1". },. "directories": {},. "gypfile": false,. "homepage": "https://github.com/nodejs/node-addon-api",. "license": "MIT",. "main": "index.js",. "name": "node-addon-api",. "readme": "README.md",. "repository": {. "type": "git",. "url": "git://github.com/nodejs/node-addon-api.git". },. "files": [. "*.{c,h,gyp,gypi}",. "package-support.json",. "tools/". ],. "pre-commit": "lint",. "version": "7.1.1",. "support": true.}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (339)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3217
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.926428555338531
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:3ZLLUOJJN8urv5xC6YiOCNGtALdb8sbgn14vghToliQejA5dfUeUAhgjLMGKxMRw:3xL3ePvGgn1PEPUJ4ILLKw/Hdyf
                                                                                                                                                                                                                                                                                        MD5:34143C24D232AC62205EC0B7601CB109
                                                                                                                                                                                                                                                                                        SHA1:3DECBDEED6F0C742925A5BE9B78F5251A4C0B569
                                                                                                                                                                                                                                                                                        SHA-256:65E9EA918538F453166B10A1D609CF44CEC3D2D01F23FECB5265FB3A4BF303D5
                                                                                                                                                                                                                                                                                        SHA-512:07DAD1D9C5C618AFC5FE2B8183EA40DB0CD736E0600BA8BDE4F38DB726D85E277C460140EF312C91A748A208FFA72283BE01A224F976F3421F144A2977EA4B2F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:# Tools..## clang-format..The clang-format checking tools is designed to check changed lines of code compared to given git-refs...## Migration Script..The migration tool is designed to reduce repetitive work in the migration process. However, the script is not aiming to convert every thing for you. There are usually some small fixes and major reconstruction required...### How To Use..To run the conversion script, first make sure you have the latest `node-addon-api` in your `node_modules` directory..```.npm install node-addon-api.```..Then run the script passing your project directory.```.node ./node_modules/node-addon-api/tools/conversion.js ./.```..After finish, recompile and debug things that are missed by the script....### Quick Fixes.Here is the list of things that can be fixed easily.. 1. Change your methods' return value to void if it doesn't return value to JavaScript.. 2. Use `.` to access attribute or to invoke member function in Napi::Object instead of `->`.. 3. `Napi::New
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3176
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.715168207401501
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:xDyDtQV0x4Xv1KaWfNX8A4GcaiQLKOUiQQKOq/+AQBh+Y0q1ud/Th:xDHVc4XvYBlMABcaiQLOiQQK0jv+/b/l
                                                                                                                                                                                                                                                                                        MD5:30DFFF807DD17DB0A258056B727BCC78
                                                                                                                                                                                                                                                                                        SHA1:FAA0140EF82603F8BCFA99923F88D7787C3F51C0
                                                                                                                                                                                                                                                                                        SHA-256:9E1207808023CD998FE9E377AEFBE77D6C59FA129F94E6ACBF24907149D8C11E
                                                                                                                                                                                                                                                                                        SHA-512:6C825B5B28224007EFD005CBF65FFDB52F20400C9C80A2FE45BED375CE8862A656A30367E531315BEBC7D687C7FA35433E65975EB90DD404B42DC9C3B1152AE4
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict';.// Descend into a directory structure and, for each file matching *.node, output.// based on the imports found in the file whether it's an N-API module or not...const fs = require('fs');.const path = require('path');..// Read the output of the command, break it into lines, and use the reducer to.// decide whether the file is an N-API module or not..function checkFile (file, command, argv, reducer) {. const child = require('child_process').spawn(command, argv, {. stdio: ['inherit', 'pipe', 'inherit']. });. let leftover = '';. let isNapi;. child.stdout.on('data', (chunk) => {. if (isNapi === undefined) {. chunk = (leftover + chunk.toString()).split(/[\r\n]+/);. leftover = chunk.pop();. isNapi = chunk.reduce(reducer, isNapi);. if (isNapi !== undefined) {. child.kill();. }. }. });. child.on('close', (code, signal) => {. if ((code === null && signal !== null) || (code !== 0)) {. console.log(. command + ' exited wit
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2002
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.949399364905905
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:5OFy5LKJUu4EnBeQtU9ekC2E2h2Rpo/ljIWpIWa:kFMI4EnBeQIZjIWpIWa
                                                                                                                                                                                                                                                                                        MD5:E549F9E10D94D3D9C2EF12EC461B2F79
                                                                                                                                                                                                                                                                                        SHA1:599BF11EB9272E54371B35255C68F7999FE52985
                                                                                                                                                                                                                                                                                        SHA-256:3E0B5E6D6F1A0C5ED106115871D0FD48F37BAC5554EFFDACAF8D2439F4ED0C65
                                                                                                                                                                                                                                                                                        SHA-512:FBEFE82DFC7EA9E1E13A534348145F26A5395EE0E79B1FAC445D8DB8F9C137CC80B6DE2973D22FE33906B6E166FB65E564A12235AD8DE0E4773193256E5A66D2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#!/usr/bin/env node..const spawn = require('child_process').spawnSync;.const path = require('path');..const filesToCheck = ['*.h', '*.cc'];.const FORMAT_START = process.env.FORMAT_START || 'main';..function main (args) {. let fix = false;. while (args.length > 0) {. switch (args[0]) {. case '-f':. case '--fix':. fix = true;. break;. default:. }. args.shift();. }.. const clangFormatPath = path.dirname(require.resolve('clang-format'));. const binary = process.platform === 'win32'. ? 'node_modules\\.bin\\clang-format.cmd'. : 'node_modules/.bin/clang-format';. const options = ['--binary=' + binary, '--style=file'];. if (fix) {. options.push(FORMAT_START);. } else {. options.push('--diff', FORMAT_START);. }.. const gitClangFormatPath = path.join(clangFormatPath, 'bin/git-clang-format');. const result = spawn(. 'python',. [gitClangFormatPath, ...options, '--', ...filesToCheck],. { encoding: 'utf-8' }. );.. if (result.std
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:a /usr/bin/env node script, ASCII text executable, with very long lines (450)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):15013
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.554404836968548
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:N5NyA2jQTzIxgpscPG/1Zpw2YiXPi+i7y1blqxuCerleZ:DcA2jQTEG+cubpw2vXPi+Iy1bAtP
                                                                                                                                                                                                                                                                                        MD5:D021B061D75659901614E8C6F87AA6C0
                                                                                                                                                                                                                                                                                        SHA1:9B916186796D7E77C067DA569FDB4F58DEAFBFD5
                                                                                                                                                                                                                                                                                        SHA-256:E089CBAD94331AD07DFB103B5D5AAFAAF99FBA89E9674D64F4F35E9DFC432357
                                                                                                                                                                                                                                                                                        SHA-512:B0E361924E70C86FAFD657D4D36F9006187B9F88DC9B1D09ACDEC1D88DA6D4E3006892DD2409E500BC538864685DF5ACEA6509DA05AC8A020659CBBF4BA60266
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#! /usr/bin/env node..'use strict';..const fs = require('fs');.const path = require('path');..const args = process.argv.slice(2);.const dir = args[0];.if (!dir) {. console.log('Usage: node ' + path.basename(__filename) + ' <target-dir>');. process.exit(1);.}..const NodeApiVersion = require('../package.json').version;..const disable = args[1];.let ConfigFileOperations;.if (disable !== '--disable' && dir !== '--disable') {. ConfigFileOperations = {. 'package.json': [. [/([ ]*)"dependencies": {/g, '$1"dependencies": {\n$1 "node-addon-api": "' + NodeApiVersion + '",'],. [/[ ]*"nan": *"[^"]+"(,|)[\n\r]/g, '']. ],. 'binding.gyp': [. [/([ ]*)'include_dirs': \[/g, '$1\'include_dirs\': [\n$1 \'<!(node -p "require(\\\'node-addon-api\\\').include_dir")\','],. [/([ ]*)"include_dirs": \[/g, '$1"include_dirs": [\n$1 "<!(node -p \\"require(\'node-addon-api\').include_dir\\")",'],. [/[ ]*("|')<!\(node -e ("|'|\\"|\\')require\(("|'|\\"|\\')nan("|'|\\"|\\')\)("|'|
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2071
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.018331604537307
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:y2y+RJFDmMpxxdVLMwRVyEQZIfMO5iczZCLIh9eLb3mAiRfLoovP/WG9yBBV0eQj:5jFDvxdLhFALaeuXp4/lzIGUWqlQS
                                                                                                                                                                                                                                                                                        MD5:25B89785C5ACDBB07279914A4E320F96
                                                                                                                                                                                                                                                                                        SHA1:C98E334CE1333889E348BBE75864C1713026F3CF
                                                                                                                                                                                                                                                                                        SHA-256:BEFBDA4868248093B1F5E4307D28F412D12FA16929CD0C07F5E2575E2635646D
                                                                                                                                                                                                                                                                                        SHA-512:9D8D0847FAC664ED450175F0F792256F3FFEA701DB5B737453B3D96B963C8E3A54F68DFF54C91E73094A6488772561A4A343D2BDA92B5625C1F43CEF2DEE9457
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#!/usr/bin/env node..const spawn = require('child_process').spawnSync;..const filesToCheck = '*.js';.const FORMAT_START = process.env.FORMAT_START || 'main';.const IS_WIN = process.platform === 'win32';.const ESLINT_PATH = IS_WIN ? 'node_modules\\.bin\\eslint.cmd' : 'node_modules/.bin/eslint';..function main (args) {. let fix = false;. while (args.length > 0) {. switch (args[0]) {. case '-f':. case '--fix':. fix = true;. break;. default:. }. args.shift();. }.. // Check js files that change on unstaged file. const fileUnStaged = spawn(. 'git',. ['diff', '--name-only', '--diff-filter=d', FORMAT_START, filesToCheck],. {. encoding: 'utf-8'. }. );.. // Check js files that change on staged file. const fileStaged = spawn(. 'git',. ['diff', '--name-only', '--cached', '--diff-filter=d', FORMAT_START, filesToCheck],. {. encoding: 'utf-8'. }. );.. const options = [. ...fileStaged.stdout.split('\n').filter((f) =>
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1086
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.663172967095987
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:KhF7fJ11a7nyhFMFAqEHJkB0UdPbmP+Cig5kKrhn0Y6pQWoeIsgt/JtUPKA/J8rE:ah11axFTRiW/Krh0YxWT+3Tm0y57
                                                                                                                                                                                                                                                                                        MD5:86945DBFC336D6569A0FD76774951B63
                                                                                                                                                                                                                                                                                        SHA1:09D4D570F18A284AF5B8EF54E11161F03449632E
                                                                                                                                                                                                                                                                                        SHA-256:5550921902D3DFD9F197EFF2F01413E33F8D998B463DEC0E2655AF07E9E4B290
                                                                                                                                                                                                                                                                                        SHA-512:1CB4E37612018BF13AEDBA6B26103A34CDDF504EEAE3B8F64BFD5D0682838983AAA6310620944BA009CFBC448143449D6808C4122ED377B1BA16E639D0D7BEC7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "sqlite3",. "description": "Asynchronous, non-blocking SQLite3 bindings",. "version": "5.1.7-rc.0",. "homepage": "https://github.com/TryGhost/node-sqlite3",. "author": {. "name": "Mapbox",. "url": "https://mapbox.com/". },. "binary": {. "napi_versions": [. 3,. 6. ]. },. "files": [. "binding.gyp",. "deps/",. "lib/*.js",. "lib/*.d.ts",. "src/". ],. "repository": {. "type": "git",. "url": "https://github.com/TryGhost/node-sqlite3.git". },. "dependencies": {. "bindings": "^1.5.0",. "node-addon-api": "^7.0.0",. "prebuild-install": "^7.1.1",. "tar": "^6.1.11". },. "devDependencies": {. "eslint": "8.56.0",. "mocha": "10.2.0",. "prebuild": "12.1.0". },. "peerDependencies": {. "node-gyp": "8.x". },. "peerDependenciesMeta": {. "node-gyp": {. "optional": true. }. },. "optionalDependencies": {. "node-gyp": "8.x". },. "license": "BSD-3-Clause",. "main": "./lib/sqlite3",. "types": "./
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1898
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.930561121765868
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:hxZDjeG5pIdsijad2eLD8FlFb26iKl3/g6MeBos:hxMupLbj8FlFb26iKl3VdT
                                                                                                                                                                                                                                                                                        MD5:E8C5E5C02D87E6AF4455FF2C59C3588B
                                                                                                                                                                                                                                                                                        SHA1:A0DE928C621BB9A71BA9CF002E0F0726E4DB7C0E
                                                                                                                                                                                                                                                                                        SHA-256:CCE55C56B41CB493EBD43B232FF8FFC9F5A180F5BAB2D10372ECA6780EB105F6
                                                                                                                                                                                                                                                                                        SHA-512:ED96889E0D1D5263FB8FED7A4966905B9812C007FBB04B733CADBE84EDC7179015B9967FF5F48816FF2C97ACF4A5B4792A35CEE1F8FCE23E5FDC797F8EE0C762
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#ifndef NODE_SQLITE3_SRC_ASYNC_H.#define NODE_SQLITE3_SRC_ASYNC_H..#include <napi.h>.#include <uv.h>..#include "threading.h"..// Generic uv_async handler..template <class Item, class Parent> class Async {. typedef void (*Callback)(Parent* parent, Item* item);..protected:. uv_async_t watcher;. NODE_SQLITE3_MUTEX_t. std::vector<Item*> data;. Callback callback;.public:. Parent* parent;..public:. Async(Parent* parent_, Callback cb_). : callback(cb_), parent(parent_) {. watcher.data = this;. NODE_SQLITE3_MUTEX_INIT. uv_loop_t *loop;. napi_get_uv_event_loop(parent_->Env(), &loop);. uv_async_init(loop, &watcher, reinterpret_cast<uv_async_cb>(listener));. }.. static void listener(uv_async_t* handle) {. auto* async = static_cast<Async*>(handle->data);. std::vector<Item*> rows;. NODE_SQLITE3_MUTEX_LOCK(&async->mutex). rows.swap(async->data);. NODE_SQLITE3_MUTEX_UNLOCK(&async->mutex). fo
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):6882
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.879154935574395
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:jXmQS7rRLcxPsPVHXmIXYIyx15kPhw0Io:j2QS7rRLOPs5e0
                                                                                                                                                                                                                                                                                        MD5:29DD2FCA11A4E0776C49140ECAC95CE9
                                                                                                                                                                                                                                                                                        SHA1:837CFBC391C7FAAD304E745FC48AE9693AFAF433
                                                                                                                                                                                                                                                                                        SHA-256:556BA9AF78010F41BC6B5B806743DC728BC181934BF8A7C6E5D606F9B8C7A2E9
                                                                                                                                                                                                                                                                                        SHA-512:5785667B9C49D4F4320022C98E0567A412B48A790C99569261C12B8738BDE0B4949D3998E2B375540EDE2FF1D861CAD859780ADE796B71D4D1D692E1ED449021
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#ifndef NODE_SQLITE3_SRC_BACKUP_H.#define NODE_SQLITE3_SRC_BACKUP_H..#include "database.h"..#include <string>.#include <queue>.#include <set>..#include <sqlite3.h>.#include <napi.h>..using namespace Napi;..namespace node_sqlite3 {../**. *. * A class for managing an sqlite3_backup object. For consistency. * with other node-sqlite3 classes, it maintains an internal queue. * of calls.. *. * Intended usage from node:. *. * var db = new sqlite3.Database('live.db');. * var backup = db.backup('backup.db');. * .... * // in event loop, move backup forward when we have time.. * if (backup.idle) { backup.step(NPAGES); }. * if (backup.completed) { ... success ... }. * if (backup.failed) { ... sadness ... }. * // do other work in event loop - fine to modify live.db. * .... *. * Here is how sqlite's backup api is exposed:. *. * - `sqlite3_backup_init`: This is implemented as. * `db.backup(filename, [callback])` or. * `db.backup(filename, destDbName, sourceDbName, file
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5152
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.827269492024068
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:HWEP0L0TnYvyVH0GmPnsM8plenrnxiNn5hVB4KTRDpLzysrPrWr7xaqan4qi7lgj:vPivyVHfmPjrcN5h/4KVVr43lUZtX
                                                                                                                                                                                                                                                                                        MD5:DE31AB62B7068AEA6CFFB22B54A435BB
                                                                                                                                                                                                                                                                                        SHA1:7FD98864C970CAA9C60CFC4CE1E77D736B5B5231
                                                                                                                                                                                                                                                                                        SHA-256:8521F458B206ED8F9BF79E2BD869DA0A35054B4BE44D6EA8C371DB207ECCB283
                                                                                                                                                                                                                                                                                        SHA-512:598491103564B024012DA39AC31F54CF39F10DA789CD5B17AF44E93042D9526B9FFD4867112C5F9755CB4ADA398BF5429F01DDA6C1BBC5137BEA545C3C88453B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:.#ifndef NODE_SQLITE3_SRC_DATABASE_H.#define NODE_SQLITE3_SRC_DATABASE_H...#include <assert.h>.#include <string>.#include <queue>..#include <sqlite3.h>.#include <napi.h>..#include "async.h"..using namespace Napi;..namespace node_sqlite3 {..class Database;...class Database : public Napi::ObjectWrap<Database> {.public:.#if NAPI_VERSION < 6. static Napi::FunctionReference constructor;.#endif. static Napi::Object Init(Napi::Env env, Napi::Object exports);.. static inline bool HasInstance(Napi::Value val) {. auto env = val.Env();. Napi::HandleScope scope(env);. if (!val.IsObject()) return false;. auto obj = val.As<Napi::Object>();.#if NAPI_VERSION < 6. return obj.InstanceOf(constructor.Value());.#else. auto constructor =. env.GetInstanceData<Napi::FunctionReference>();. return obj.InstanceOf(constructor->Value());.#endif. }.. struct Baton {. napi_async_work request = NULL;. Database* db;. Napi::F
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):861
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.4548154843713075
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:qh2OetAyTMtTlzVh7bbl9lhlRlnRlhmcXQJMyWmnmhm7:getzTMtxVh7bbl9lhlRlnRlgcXQJMyWg
                                                                                                                                                                                                                                                                                        MD5:55A9165C6720727B6EC6CB815B026DEB
                                                                                                                                                                                                                                                                                        SHA1:E737E117BDEFA5838834F342D2C51E8009011008
                                                                                                                                                                                                                                                                                        SHA-256:9D4264BB1DCBEF8D927BB3A1809A01B0B89D726C217CEE99EA9CCFDC7D456B6F
                                                                                                                                                                                                                                                                                        SHA-512:79ED80377BFB576F695F271ED5200BB975F2546110267D264F0AB917F56C26ABF6D3385878285FE3E378B254AF99B59BDB8BBCAB7427788C90A0460EB2EE5B77
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:// http://web.archive.org/web/20140401031018/http://rjpower9000.wordpress.com:80/2012/04/09/fun-with-shared-libraries-version-glibc_2-14-not-found/..#if defined(__linux__)..#define _GNU_SOURCE.#include <features.h>.#undef _GNU_SOURCE..#if defined(__USE_GNU)..#if defined(__x86_64__).__asm__(".symver memcpy,memcpy@GLIBC_2.2.5");.__asm__(".symver exp,exp@GLIBC_2.2.5");.__asm__(".symver log,log@GLIBC_2.2.5");.__asm__(".symver log2,log2@GLIBC_2.2.5");.__asm__(".symver pow,pow@GLIBC_2.2.5");.__asm__(".symver fcntl64,fcntl@GLIBC_2.2.5");.#endif..#if defined(__aarch64__) || defined(_M_ARM64).__asm__(".symver memcpy,memcpy@GLIBC_2.17");.__asm__(".symver exp,exp@GLIBC_2.17");.__asm__(".symver log,log@GLIBC_2.17");.__asm__(".symver log2,log2@GLIBC_2.17");.__asm__(".symver pow,pow@GLIBC_2.17");.__asm__(".symver fcntl64,fcntl@GLIBC_2.17");.#endif..#endif.#endif.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):11168
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8120968442523697
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:SOxrBErYr4hnxlEPTZFkGdyrKL7h7K0d06I7SFcMWFtOj5Lk8wJfbZh720J0x7YY:95ZHdFvh+84DE5o8wJfbZhKUMFAUn
                                                                                                                                                                                                                                                                                        MD5:B60768ED9DD86A1116E3BCC95FF9387D
                                                                                                                                                                                                                                                                                        SHA1:C057A7EEBBA8CE61E27267930A8526AB54920AA3
                                                                                                                                                                                                                                                                                        SHA-256:C25BE1861BD8E8457300B218F5FA0BBA734F9D1F92B47D3B6AB8EE7C1862CCBE
                                                                                                                                                                                                                                                                                        SHA-512:84E0670128F1D8712E703B6E4B684B904A8081886C9739C63B71962E5D465AC569B16CB0DB74CB41DC015A64DCC1E3A9A20B0CF7F54D4320713CC0F49E0F7363
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#ifndef NODE_SQLITE3_SRC_MACROS_H.#define NODE_SQLITE3_SRC_MACROS_H..const char* sqlite_code_string(int code);.const char* sqlite_authorizer_string(int type);.#include <vector>..// TODO: better way to work around StringConcat?.#include <napi.h>.inline Napi::String StringConcat(Napi::Value str1, Napi::Value str2) {. return Napi::String::New(str1.Env(), str1.As<Napi::String>().Utf8Value() +. str2.As<Napi::String>().Utf8Value() );.}..// A Napi substitute IsInt32().inline bool OtherIsInt(Napi::Number source) {. double orig_val = source.DoubleValue();. double int_val = static_cast<double>(source.Int32Value());. if (orig_val == int_val) {. return true;. } else {. return false;. }.}..#define IS_FUNCTION(cb) \. !cb.IsUndefined() && cb.IsFunction()..#define REQUIRE_ARGUMENTS(n) \. if (info.Length() < (n)) { \. Napi::TypeError::New(env, "
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):6781
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.730525251915133
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#ifndef NODE_SQLITE3_SRC_STATEMENT_H.#define NODE_SQLITE3_SRC_STATEMENT_H..#include <cstdlib>.#include <cstring>.#include <string>.#include <queue>.#include <vector>.#include <sqlite3.h>.#include <napi.h>.#include <uv.h>..#include "database.h".#include "threading.h"..using namespace Napi;..namespace node_sqlite3 {..namespace Values {. struct Field {. inline Field(unsigned short _index, unsigned short _type = SQLITE_NULL) :. type(_type), index(_index) {}. inline Field(const char* _name, unsigned short _type = SQLITE_NULL) :. type(_type), index(0), name(_name) {}.. unsigned short type;. unsigned short index;. std::string name;.. virtual ~Field() = default;. };.. struct Integer : Field {. template <class T> inline Integer(T _name, int64_t val) :. Field(_name, SQLITE_INTEGER), value(val) {}. int64_t value;. virtual ~Integer() override = default;. };.. struct Float : Field {.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):388
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.099563136480987
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#ifndef NODE_SQLITE3_SRC_THREADING_H.#define NODE_SQLITE3_SRC_THREADING_H..#define NODE_SQLITE3_MUTEX_t uv_mutex_t mutex;.#define NODE_SQLITE3_MUTEX_INIT uv_mutex_init(&mutex);.#define NODE_SQLITE3_MUTEX_LOCK(m) uv_mutex_lock(m);.#define NODE_SQLITE3_MUTEX_UNLOCK(m) uv_mutex_unlock(m);.#define NODE_SQLITE3_MUTEX_DESTROY uv_mutex_destroy(&mutex);..#endif // NODE_SQLITE3_SRC_THREADING_H.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1118
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.132499214892249
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:The MIT License (MIT)..Copyright (c) 2016-present Vincent Weevers.Copyright (c) 2002 Ted Peck..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TOR
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):247
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.812203692866621
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#!/usr/bin/env node.'use strict'..const vi = require('.').const files = process.argv.slice(2)..if (!files.length) {. console.error('usage: version-info <file>, ..'). process.exit(1).}..console.log(JSON.stringify(files.map(f => vi(f)), null, 2)).
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):573
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.923396504178372
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:Copyright 2011 Giovanni Dicanio <gdicanio@mvps.org>..Licensed under the Apache License, Version 2.0 (the "License"); you may not use.this file except in compliance with the License. You may obtain a copy of the.License at..http://www.apache.org/licenses/LICENSE-2.0..Unless required by applicable law or agreed to in writing, software distributed.under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR.CONDITIONS OF ANY KIND, either express or implied. See the License for the.specific language governing permissions and limitations under the License..
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C++ source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5067
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.48832488092862
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview://////////////////////////////////////////////////////////////////////////.//.// FILE: utf8conv.h.//.// Header file defining prototypes of helper functions for converting.// strings between Unicode UTF-8 and UTF-16..// (The implementation file is "utf8conv_inl.h")..//.// UTF-8 text is stored in std::string; .// UTF-16 text is stored in std::wstring..//.// This code just uses Win32 Platform SDK and C++ standard library;.// so it can be used also with the Express editions of Visual Studio..//.//.// Original code: February 4th, 2011.// Last update: October 15th, 2011.//.// - Added more information to the utf8_conversion_error class.// (like the return code of ::GetLastError());.// moreover, the class now derives from std::runtime_error..//.// - Added conversion function overloads taking raw C strings as input..// (This is more efficient when there are raw C strings already.// available, because it avoids the creation of temporary.// new std::[w]string's.).//.// - UTF-8 conver
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):10424
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.518290721744818
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview://////////////////////////////////////////////////////////////////////////.//.// FILE: utf8conv_inl.h.//.// by Giovanni Dicanio <gdicanio@mvps.org>.//.// Private header file containing implementations of inline functions..// The public header file for this module is "utf8conv.h";.// users should *not* #include this private header file directly..//.//////////////////////////////////////////////////////////////////////////..#pragma once...#include <string.h> // strlen()..#include <Windows.h> // Win32 Platform SDK main header....namespace utf8util {...//------------------------------------------------------------------------.// Implementation of utf8_conversion_error class methods.//------------------------------------------------------------------------..inline utf8_conversion_error::utf8_conversion_error(. const char * message,. conversion_type conversion,. error_code_type error_code. ) :. std::runtime_error(message),. m_conversion(conversion),.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):514
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.662132764282314
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:oT+g59LgYm/MubEnBdVMVpgUmuPggHYfWfAk6M2o:M+OmYm0mEnBXQYefd6Po
                                                                                                                                                                                                                                                                                        MD5:E5053E64FDC67009804A42CC8BAEBF90
                                                                                                                                                                                                                                                                                        SHA1:8814EF33FE018ED0A1817E77C7ED7DDB16076137
                                                                                                                                                                                                                                                                                        SHA-256:5E591255FA35FB3650502E648FF51D6D7C7E57ADA312BD33058DA03CC412EFB3
                                                                                                                                                                                                                                                                                        SHA-512:60F941A6814DC3EFEA6A65C6DCED552D4248273E1CE57222B428F813E0AB655D13546A0951AD3C0B22ADFFC7FC40542D7667CE70D315052308EA0FA1195526F5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:'use strict'..const resolve = require('path').resolve.const isWindows = process.platform === 'win32'.const binding = isWindows ? require('node-gyp-build')(__dirname) : null..module.exports = function (file) {. if (typeof file !== 'string') {. const t = typeof file. throw new Error('win-version-info requires a string filename, got: ' + t). }.. if (file === '') {. throw new Error('win-version-info requires a non-empty string filename'). }.. return isWindows ? binding.getInfo(resolve(file)) : {}.}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):970
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.738300397804529
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:/1ZPA/nuL+npT1e53moTk7UabKkeustLo:tZypT1ovkC8YLo
                                                                                                                                                                                                                                                                                        MD5:87C7E4CE19F05422C4E61FC981215B09
                                                                                                                                                                                                                                                                                        SHA1:E3EEF2581693F7E3CE5B6C05A4C7546A0C589C3E
                                                                                                                                                                                                                                                                                        SHA-256:49943FE4F10DFFA4AD950BB9917B3418979AECD43AA02D4EC6B3FFE7E3E68F69
                                                                                                                                                                                                                                                                                        SHA-512:17CDC2F3DD834D517C3ABE1835ED971456B939FF4CFC7190EDB5968B676D6826119EA36F4548D3C7174A78E8E24CBA3CC41485004B544CBAAF8CED6FF688CB20
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{. "name": "win-version-info",. "version": "5.0.1",. "description": "Windows-only native addon to read version info from executables",. "license": "MIT",. "main": "index.js",. "bin": {. "win-version-info": "bin.js",. "version-info": "bin.js". },. "author": "Vincent Weevers",. "files": [. "bin.js",. "index.js",. "skip.js",. "binding.gyp",. "src",. "deps",. "prebuilds",. "CHANGELOG.md",. "UPGRADING.md". ],. "dependencies": {. "napi-macros": "^2.0.0",. "node-gyp-build": "^4.3.0". },. "devDependencies": {. "cross-env": "^7.0.3",. "hallmark": "^3.1.0",. "node-gyp": "^7.1.2",. "prebuildify": "^5.0.0",. "prebuildify-ci": "^1.0.5",. "standard": "^16.0.3",. "tape": "^5.0.0",. "win-dummy-exe": "0.0.1",. "xtend": "^4.0.1". },. "engines": {. "node": ">=10". },. "gypfile": true,. "repository": "vweevers/win-version-info",. "homepage": "https://github.com/vweevers/win-version-info".}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):198144
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.595632193115652
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:Ggk8drYJFnIEW91HATlbWVMkbruHNGZ2OLZrBny5OAg0FuDmrjr2F9awrC7:Ggk84SAcP/yNGZHLlAOF9NrC7
                                                                                                                                                                                                                                                                                        MD5:CEFE26EC7ACFC362CC9312C5E13BCCC1
                                                                                                                                                                                                                                                                                        SHA1:5B8C20DEAFE5756765D35FF293B7FB65CCDCA34C
                                                                                                                                                                                                                                                                                        SHA-256:05790E8AE1C66ED2ADD027E45F7D0560AE94151B46016899C19449A65DC21F56
                                                                                                                                                                                                                                                                                        SHA-512:175435B8F3CB2F153593808EF95528B74F408F623B7EF575CA2F09BB2A147C9C272ECC5E95918CFDC19F05864238108A9131CFEEB2B2C13B8A1531CBC2A22189
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):255488
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.3283471797462285
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:3o06awTFRroAJKQEozTk/us7bqm/ohOnI:3o0cTjVJKQ9k/7bqm/o
                                                                                                                                                                                                                                                                                        MD5:DE00E0648BB3EE003375504188D473EF
                                                                                                                                                                                                                                                                                        SHA1:A43BE3FA52B56A4E8610590AC9465AA25401FBE5
                                                                                                                                                                                                                                                                                        SHA-256:9666F8E196C798EF4419B1E6C1A8D4BDB4A399CCAB485A32A38BEF6EAEB4A384
                                                                                                                                                                                                                                                                                        SHA-512:11772462CDAEFCFAAEF1D6D19C55C6454D8402E0056552FCBF63F68B5C999939A8BE34769B5FCB74872E2D7A890C0075B35D7E23565F76D246D5D624403A15B3
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):117
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.602465970581704
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:IExYvXCtcdpX2OZZvNgjEQPXERHYbXC3Etsvn:QCcd92+KhXER4z8UO
                                                                                                                                                                                                                                                                                        MD5:92A4C6DC39D38AC078EC80977508FEAC
                                                                                                                                                                                                                                                                                        SHA1:EDC8D81988E99C77105ABB1455EA224FDE97D212
                                                                                                                                                                                                                                                                                        SHA-256:C12583530EDC83DCC7CACEF4A428EAEFA84C10BFE4B62C0C9707DE015E338859
                                                                                                                                                                                                                                                                                        SHA-512:3833AF1F274D3BB89776A8DC6B9FF015F5D219EBEC47F5E98BF88670E523517AD8A493B0959DD41DD6E658C230335338325E8C2BEFEA61F2F22F8E83822CCAB2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:const platform = process.env.npm_config_platform || process.platform.if (platform === 'win32') {. process.exit(1).}.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:C source, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):116
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.781291877052868
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:YLyMFAQ0MbgmWmoD1N+6zWzrx3ALJJfDRlabBs:LMF70Mbg3H4zkJV4ls
                                                                                                                                                                                                                                                                                        MD5:6F621BA192A6FE2228EF9965757F0BC9
                                                                                                                                                                                                                                                                                        SHA1:E3625CDDDE946F5EA21E4C00BE95CAD214DA4016
                                                                                                                                                                                                                                                                                        SHA-256:2B561B980E0A01191A6C7CC1CF94C8D5C061F9F299EA256F1E7CA17250AE08BB
                                                                                                                                                                                                                                                                                        SHA-512:AB90BC30F2C23A3032334D30294AA02007E0DB180C82C6C8F0D84781203BE7C342134CC17BB2AC0C7BD89C1E5902C852AFB2D09B0C7D4DBA27F5101577491F4F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:#ifndef SHOWVER_H.#define SHOWVER_H..bool GetMetadata(wchar_t *sfnFile, napi_env env, napi_value metadata);..#endif.
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):107520
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.442687067441468
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
                                                                                                                                                                                                                                                                                        MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                                                                                                                                                                                                        SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                                                                                                                                                                                                        SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                                                                                                                                                                                                        SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):272982
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.234290196619715
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:EfEczYp4bhaz8L97I+sTDqFCDx8MayiOCY7nf4ZAqi:EfNzHbhaM1I1I6813OCQ
                                                                                                                                                                                                                                                                                        MD5:08C765BF4BA4206CC16E99E123F57DFB
                                                                                                                                                                                                                                                                                        SHA1:498D5DD5FE194943E59E63F3135FBA893CA419F7
                                                                                                                                                                                                                                                                                        SHA-256:640A40221B1684C5EA7C4887ADBF64FE281A6DC5F3195002824A9193E7C10BCA
                                                                                                                                                                                                                                                                                        SHA-512:5278DB9E2B04E65CE6EC3FB3B3CD81DC37DC3DBA94E042634A71FAD0AFA8B11691B13F2BFC447FCBCD29D155C9F187CCEA672310FF44DAFC4400FF792B660DC6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):636225
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.200768198034184
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12288:nmin78TFFswIRyWKeCi79t4LiysPkxuTGmv:nb72FAyWKeCi79mLiys8xGGmv
                                                                                                                                                                                                                                                                                        MD5:0FFBF3A05A1B056924081B7788FECF4B
                                                                                                                                                                                                                                                                                        SHA1:E29FC98F8FAE7BA7128F1E2C0F21F4FBA39026BC
                                                                                                                                                                                                                                                                                        SHA-256:4B259A5932453F5828CAC0BAD68B8639AC63F5078CEC1849711DC933B5A5DBE4
                                                                                                                                                                                                                                                                                        SHA-512:5C0B0D2ECCB87608E8F93F36A68BA3759E83C10E11F38C910ACB53E1003519AC5B9617A946AE0BD9DBDAAE7200FAD292FA71C2BC59622AC3951A68B3BFDA5D8C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5161984
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.3620594803462724
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:49152:i0RrhILSORs1a6fjFDye6GF6tr/sELa0xsEpm+PUdHuogL/1yVmHESrFo7Ta6CJS:LJhI+7OO+YoBksJP2Krhf3
                                                                                                                                                                                                                                                                                        MD5:739872A8FDFD9C979BC88BC40710BA00
                                                                                                                                                                                                                                                                                        SHA1:9A68890AFDDD899B09C084D2D50BBC3894FDDA74
                                                                                                                                                                                                                                                                                        SHA-256:EA3EB4945DC55DFD0022F43E8852290EF37421C68CDDEA02268509F2FB2F33B8
                                                                                                                                                                                                                                                                                        SHA-512:2AF3A229DC3422858927D98289B0FE2423F69C2EB10176A28FD4B5833E61D2B2F69E47C7844681F3127AD0CE1BEF4FE89DF39A1D81831C499339E8CEAFA8AC39
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):106
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                                                                                        MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                                                                                        SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                                                                                        SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                                                                                        SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):948736
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.590960354245508
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24576:OdN5R4voSsQpKFZODRx6Z5WdDYsH26g3P0zAk7uIk:8NZSsQp11x6Z5WdDYsH26g3P0zAk7uR
                                                                                                                                                                                                                                                                                        MD5:1F366A987240BDB065BCCABB6665D45F
                                                                                                                                                                                                                                                                                        SHA1:C1B8E62D6A8D963EDB4A60C662FDDDD86B727448
                                                                                                                                                                                                                                                                                        SHA-256:4B3FCD25A41E5F6677337089A99EE024DA510EAE75DFEFA52B496934A9553880
                                                                                                                                                                                                                                                                                        SHA-512:333F99AC95CF62F0112760C9898A90DBE9EE0930844038B53CB8308F10A5573ED258F3211EEE5FD280210E007BF0A40ACE4D4E1959A1BE728D7FD1D9E46BF8BC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....~:e.........." ......................................................... ............`A........................................h...<!...&..P................p..............L...............................(...@...@............*...............................text...{........................... ..`.rdata..............................@..@.data...(M....... ..................@....pdata...p.......r..................@..@.00cfg..8............6..............@..@.gxfg...P).......*...8..............@..@.retplne.............b...................tls.................d..............@..._RDATA..\............f..............@..@.rsrc................h..............@..@.reloc..L............l..............@..B................................................................................................................................................................................
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):9216
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.5347224014600345
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
                                                                                                                                                                                                                                                                                        MD5:17309E33B596BA3A5693B4D3E85CF8D7
                                                                                                                                                                                                                                                                                        SHA1:7D361836CF53DF42021C7F2B148AEC9458818C01
                                                                                                                                                                                                                                                                                        SHA-256:996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
                                                                                                                                                                                                                                                                                        SHA-512:1ABAC3CE4F2D5E4A635162E16CF9125E059BA1539F70086C2D71CD00D41A6E2A54D468E6F37792E55A822D7082FB388B8DFECC79B59226BBB047B7D28D44D298
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../../../..Wy./../../....../..Wi./..Wx./..W~./..W{./..Rich./..................PE..L...T{mW...........!................p!.......0...............................p............@..........................5..o...l1..P....P.......................`.......................................................0...............................text............................... ..`.rdata.......0......................@..@.data........@......................@....rsrc........P......................@..@.reloc..d....`....... ..............@..B........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):102400
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.729923587623207
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
                                                                                                                                                                                                                                                                                        MD5:C6A6E03F77C313B267498515488C5740
                                                                                                                                                                                                                                                                                        SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                                                                                                                                                                                                        SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                                                                                                                                                                                                        SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q....C...C...C...C...C...C...C...C...C...C...C...C...C.[.C...C.[.C...C.[.C...C.[.C...CRich...C........................PE..L...I..[...........!.....*...b...............@.......................................+....@..........................}..d....t..........X............................................................................@...............................text....).......*.................. ..`.rdata..TC...@...D..................@..@.data...l............r..............@....rsrc...X............x..............@..@.reloc..j............~..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.719859767584478
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
                                                                                                                                                                                                                                                                                        MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                                                                                                                                                                                        SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                                                                                                                                                                                        SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                                                                                                                                                                                        SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L....~.\...........!....."...........).......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):87034109
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.999995071016408
                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                        SSDEEP:1572864:ze4h6QM19C+RetuwvQkvBGvkJciBW7MIXqCAlG1hZaUXv9:ze4lMDCSwvRpPndlG7Zn
                                                                                                                                                                                                                                                                                        MD5:23987F82279EC31726C8B40B4627AD2F
                                                                                                                                                                                                                                                                                        SHA1:BC8290FF647587741C9570A94ADA834D0166D7D4
                                                                                                                                                                                                                                                                                        SHA-256:652C97F429F10F30A59F55AAAA024248C300C2472DE531DBF2984A6E5D8CA50E
                                                                                                                                                                                                                                                                                        SHA-512:A1A8C950ED7439FD7A4E9E35E799A23CCCA1D41FDF8653C3C031CA79376486218F461136C33A2E85074E8E5A8AA23CC332A5500ADED08D744ABD98092CBC87A4
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):6656
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.155286976455086
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
                                                                                                                                                                                                                                                                                        MD5:EC0504E6B8A11D5AAD43B296BEEB84B2
                                                                                                                                                                                                                                                                                        SHA1:91B5CE085130C8C7194D66B2439EC9E1C206497C
                                                                                                                                                                                                                                                                                        SHA-256:5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962
                                                                                                                                                                                                                                                                                        SHA-512:3F918F1B47E8A919CBE51EB17DC30ACC8CFC18E743A1BAE5B787D0DB7D26038DC1210BE98BF5BA3BE8D6ED896DBBD7AC3D13E66454A98B2A38C7E69DAD30BB57
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):434176
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.584811966667578
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
                                                                                                                                                                                                                                                                                        MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                                                                                                                                                                                        SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                                                                                                                                                                                        SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                                                                                                                                                                                        SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):304
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.351987889007718
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:vhjPYas4K5jPY9lojm9PY3EWVArn3tgXXvK4KV3tg9l4CluRmNtgnlAWAvjl/8lC:5jtS5jV0f0WO/cVNmIoWSB8lC
                                                                                                                                                                                                                                                                                        MD5:850E05CFE6479AD69EAA30694C68BED3
                                                                                                                                                                                                                                                                                        SHA1:A5B7B54803D76A9464BFB9A545436241882FB627
                                                                                                                                                                                                                                                                                        SHA-256:414CDC813A605DDB3EBB250EF401CB310C88B98041B78969AE8E593FDB00C591
                                                                                                                                                                                                                                                                                        SHA-512:2B287862F4BA91568A3BA1E6D7AF9B1FBFA83DA6E70E6BE31C1D7A9AC36D43761F99196AA19DAD2EE117169996FF02F31A972654637F18A27FEED66248A6D693
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:PK..........$Z................Autofill/PK..........$Z................Cookies/PK..........$Z................Passwords/PK............$Z.........................A....Autofill/PK............$Z.........................A'...Cookies/PK............$Z.........................AM...Passwords/PK..............u.....
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                                                                                        File Type:Zip archive data (empty)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):22
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0476747992754052
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:pjt/l:Nt
                                                                                                                                                                                                                                                                                        MD5:76CDB2BAD9582D23C1F6F4D868218D6C
                                                                                                                                                                                                                                                                                        SHA1:B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
                                                                                                                                                                                                                                                                                        SHA-256:8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
                                                                                                                                                                                                                                                                                        SHA-512:5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:PK....................
                                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):434
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.667435367398774
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:YKWSCuj9rrt+NvnrikkBMfQK+hydWOumxBw:YKWJu5rrtivlPfmhAcV
                                                                                                                                                                                                                                                                                        MD5:ADB6C4FA401B37F4D0FC768AB04DA327
                                                                                                                                                                                                                                                                                        SHA1:F5BA473A36548C88250DCC4FDE66EF481881B31C
                                                                                                                                                                                                                                                                                        SHA-256:B28B4A1C3428FD6BDCA21AB8B26DF8DA6B5AAEBDDA40C87FBDCDF9D42B55B0EB
                                                                                                                                                                                                                                                                                        SHA-512:F33580EAEE70C22DEA8924453EF06DC7F4BCF5EB5957B578FBBDB10BE41DDB4A1AEBDE3E68D616399A660B11B84EED1EFD54B35962B621A4DF746FD0EC741DA6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Reputation:unknown
                                                                                                                                                                                                                                                                                        Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADN9TIwo6FoQJvKEmstmCCgEAAAABIAAABDAGgAcgBvAG0AaQB1AG0AAAAQZgAAAAEAACAAAAAqhEEvQ0wJzdwTkkuTOcpd+EmukYHL7x3AWcEqesWqpAAAAAAOgAAAAAIAACAAAABYfgv/YYS9dhRa6C5daIl5u/Nsv69uGyT0YEjYdNXEtTAAAABfuRMv6lcnaunhUw6E77DazMY9b72Ip5V3H77qb7WXxMEZV7usxIVWcrfxoPmK93hAAAAA3bueKUDzQz/JdJmIh6Q4Mjo+9K4KtTebGV7edCSONy6Oxx23sB6PgXw8TCqaTRcr60l5EjjslTtfhpPYQiLB1A=="}}
                                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.999864638617578
                                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                        File name:Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        File size:87'733'089 bytes
                                                                                                                                                                                                                                                                                        MD5:b3cbd672cb20b2112488d26a6b325e69
                                                                                                                                                                                                                                                                                        SHA1:c752f280a123a30177ba1e17d770bead2c0644a9
                                                                                                                                                                                                                                                                                        SHA256:9bdec941d05ba0c0f365e2198600914d6001745cf554b8e6673d5045b7f6205d
                                                                                                                                                                                                                                                                                        SHA512:d05f023b6ba42004e9239a4bec8e9e652e6ea096a9347489342ad5a576e45c712cd79c15f20810a267675301715aeeef06c3cf372eb69222c1fcecf490c7fea2
                                                                                                                                                                                                                                                                                        SSDEEP:1572864:Zhe4h6QM19C+RetuwvQkvBGvkJciBW7MIXqCAlG1hZaUXv6:Zhe4lMDCSwvRpPndlG7Z0
                                                                                                                                                                                                                                                                                        TLSH:A11833263A9250E3F4ED53F627C4D0238ADF2DBF4FC1452A2AE921FB6575921C19C06B
                                                                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.
                                                                                                                                                                                                                                                                                        Icon Hash:06233b25a3930321
                                                                                                                                                                                                                                                                                        Entrypoint:0x40338f
                                                                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                        Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                        Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                                        sub esp, 000002D4h
                                                                                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                                                                                        push edi
                                                                                                                                                                                                                                                                                        push 00000020h
                                                                                                                                                                                                                                                                                        pop edi
                                                                                                                                                                                                                                                                                        xor ebx, ebx
                                                                                                                                                                                                                                                                                        push 00008001h
                                                                                                                                                                                                                                                                                        mov dword ptr [esp+14h], ebx
                                                                                                                                                                                                                                                                                        mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                                                                                                                                        mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                                                                                        call dword ptr [004080A8h]
                                                                                                                                                                                                                                                                                        call dword ptr [004080A4h]
                                                                                                                                                                                                                                                                                        and eax, BFFFFFFFh
                                                                                                                                                                                                                                                                                        cmp ax, 00000006h
                                                                                                                                                                                                                                                                                        mov dword ptr [0047AEECh], eax
                                                                                                                                                                                                                                                                                        je 00007F2F20CE56C3h
                                                                                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                                                                                        call 00007F2F20CE8975h
                                                                                                                                                                                                                                                                                        cmp eax, ebx
                                                                                                                                                                                                                                                                                        je 00007F2F20CE56B9h
                                                                                                                                                                                                                                                                                        push 00000C00h
                                                                                                                                                                                                                                                                                        call eax
                                                                                                                                                                                                                                                                                        mov esi, 004082B0h
                                                                                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                                                                                        call 00007F2F20CE88EFh
                                                                                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                                                                                        call dword ptr [00408150h]
                                                                                                                                                                                                                                                                                        lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                                                                                                                                        cmp byte ptr [esi], 00000000h
                                                                                                                                                                                                                                                                                        jne 00007F2F20CE569Ch
                                                                                                                                                                                                                                                                                        push 0000000Ah
                                                                                                                                                                                                                                                                                        call 00007F2F20CE8948h
                                                                                                                                                                                                                                                                                        push 00000008h
                                                                                                                                                                                                                                                                                        call 00007F2F20CE8941h
                                                                                                                                                                                                                                                                                        push 00000006h
                                                                                                                                                                                                                                                                                        mov dword ptr [0047AEE4h], eax
                                                                                                                                                                                                                                                                                        call 00007F2F20CE8935h
                                                                                                                                                                                                                                                                                        cmp eax, ebx
                                                                                                                                                                                                                                                                                        je 00007F2F20CE56C1h
                                                                                                                                                                                                                                                                                        push 0000001Eh
                                                                                                                                                                                                                                                                                        call eax
                                                                                                                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                                                                                                                        je 00007F2F20CE56B9h
                                                                                                                                                                                                                                                                                        or byte ptr [0047AEEFh], 00000040h
                                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                                        call dword ptr [00408044h]
                                                                                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                                                                                        call dword ptr [004082A0h]
                                                                                                                                                                                                                                                                                        mov dword ptr [0047AFB8h], eax
                                                                                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                                                                                        lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                                                                                        push 000002B4h
                                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                                                                                        push 00440208h
                                                                                                                                                                                                                                                                                        call dword ptr [00408188h]
                                                                                                                                                                                                                                                                                        push 0040A2C8h
                                                                                                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                                                                                                        • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19f000 | 0x2dd58 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6627 | 0x6800 | 7618d4c0cd8bb67ea9595b4266b3a91f | False | 0.6646259014423077 | data | 6.450282348506287 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a2 | 0x1600 | eecac1fed9cc6b447d50940d178404d8 | False | 0.4405184659090909 | data | 5.025178929113415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x70ff8 | 0x600 | db8f31a08a2242d80c29e1f9500c6527 | False | 0.5182291666666666 | data | 4.037117731448378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7b000 | 0x124000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x19f000 | 0x2dd58 | 0x2de00 | 8c530dd2812e37a45c1ed0a67b6ad4dd | False | 0.22466259366485014 | data | 4.8955900569696364 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x19f628 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.08976103158641903 |
| RT_ICON | 0x1afe50 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.13509039310489804 |
| RT_ICON | 0x1b92f8 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.16344731977818855 |
| RT_ICON | 0x1be780 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.16786726499763815 |
| RT_ICON | 0x1c29a8 | 0x417f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9886085763702511 |
| RT_ICON | 0x1c6b28 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.2437759336099585 |
| RT_ICON | 0x1c90d0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.3393527204502814 |
| RT_ICON | 0x1ca178 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.4766393442622951 |
| RT_ICON | 0x1cab00 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6187943262411347 |
| RT_DIALOG | 0x1caf68 | 0x202 | data | English | United States | 0.4085603112840467 |
| RT_DIALOG | 0x1cb170 | 0xf8 | data | English | United States | 0.6290322580645161 |
| RT_DIALOG | 0x1cb268 | 0xee | data | English | United States | 0.6260504201680672 |
| RT_DIALOG | 0x1cb358 | 0x1fa | data | English | United States | 0.40118577075098816 |
| RT_DIALOG | 0x1cb558 | 0xf0 | data | English | United States | 0.6666666666666666 |
| RT_DIALOG | 0x1cb648 | 0xe6 | data | English | United States | 0.6565217391304348 |
| RT_DIALOG | 0x1cb730 | 0x1ee | data | English | United States | 0.38866396761133604 |
| RT_DIALOG | 0x1cb920 | 0xe4 | data | English | United States | 0.6447368421052632 |
| RT_DIALOG | 0x1cba08 | 0xda | data | English | United States | 0.6422018348623854 |
| RT_DIALOG | 0x1cbae8 | 0x1ee | data | English | United States | 0.3866396761133603 |
| RT_DIALOG | 0x1cbcd8 | 0xe4 | data | English | United States | 0.6359649122807017 |
| RT_DIALOG | 0x1cbdc0 | 0xda | data | English | United States | 0.6376146788990825 |
| RT_DIALOG | 0x1cbea0 | 0x1f2 | data | English | United States | 0.39759036144578314 |
| RT_DIALOG | 0x1cc098 | 0xe8 | data | English | United States | 0.6508620689655172 |
| RT_DIALOG | 0x1cc180 | 0xde | data | English | United States | 0.6486486486486487 |
| RT_DIALOG | 0x1cc260 | 0x202 | data | English | United States | 0.42217898832684825 |
| RT_DIALOG | 0x1cc468 | 0xf8 | data | English | United States | 0.6653225806451613 |
| RT_DIALOG | 0x1cc560 | 0xee | data | English | United States | 0.6512605042016807 |
| RT_GROUP_ICON | 0x1cc650 | 0x84 | data | English | United States | 0.7272727272727273 |
| RT_VERSION | 0x1cc6d8 | 0x258 | data | English | United States | 0.48833333333333334 |
| RT_MANIFEST | 0x1cc930 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076 |
| DLL | Import |
|---|---|
| KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
| ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:47.605077982 CET49746443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:47.605077982 CET49746443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:47.608119011 CET49747443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:47.608159065 CET44349747172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:47.608289957 CET49747443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:47.608561993 CET49747443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:47.608587027 CET44349747172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.065661907 CET44349747172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.066149950 CET49747443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.066162109 CET44349747172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.067140102 CET44349747172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.067239046 CET49747443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.072390079 CET49747443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.072423935 CET44349747172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.072483063 CET49747443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.110641956 CET49748443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.110685110 CET4434974845.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.110810041 CET49748443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.111190081 CET49748443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.111205101 CET4434974845.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.201800108 CET49749443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.201822042 CET44349749162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.201913118 CET49749443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.202430010 CET49749443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.202442884 CET44349749162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.690814972 CET44349749162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.691220045 CET49749443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.691247940 CET44349749162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.692682028 CET44349749162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.692738056 CET49749443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.693878889 CET49749443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.693943024 CET44349749162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.740086079 CET4434974845.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.740381956 CET49748443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.740394115 CET4434974845.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.741249084 CET4434974845.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.741344929 CET49748443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.742093086 CET49748443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.742122889 CET4434974845.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.742196083 CET49748443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.754367113 CET49750443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.754390001 CET44349750143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.754522085 CET49750443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.754729033 CET49750443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.754740953 CET44349750143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.838954926 CET49749443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.838968992 CET44349749162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:48.953201056 CET49749443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.240772009 CET44349750143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.241188049 CET49750443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.241203070 CET44349750143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.242062092 CET44349750143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.242122889 CET49750443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.242780924 CET49750443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.242821932 CET44349750143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.242867947 CET49750443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.246386051 CET49751443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.246423006 CET44349751172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.246494055 CET49751443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.246742010 CET49751443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.246754885 CET44349751172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.702625036 CET44349751172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.703243971 CET49751443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.703259945 CET44349751172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.704443932 CET44349751172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.704600096 CET49751443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.706548929 CET49751443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.706578016 CET44349751172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.706715107 CET44349751172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.706792116 CET49751443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:49.706792116 CET49751443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.110882044 CET49765443192.168.2.4142.250.185.161
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.110909939 CET44349765142.250.185.161192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.110969067 CET49765443192.168.2.4142.250.185.161
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.111217976 CET49765443192.168.2.4142.250.185.161
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.111242056 CET44349765142.250.185.161192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.388052940 CET49769443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.388075113 CET4434976945.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.388251066 CET49769443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.388767958 CET49769443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.388782978 CET4434976945.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:11.463603973 CET44349826172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:11.463660955 CET49826443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:11.550770998 CET49832443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:11.550828934 CET44349832172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:11.550898075 CET49832443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:11.551112890 CET49832443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:11.551125050 CET44349832172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:12.016727924 CET44349832172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:12.017143011 CET49832443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:12.017158985 CET44349832172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:12.018027067 CET44349832172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:12.018091917 CET49832443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:12.018771887 CET49832443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:12.018800020 CET44349832172.67.193.41192.168.2.4
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:12.018847942 CET49832443192.168.2.4172.67.193.41
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:48.600738049 CET49749443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:48.600769043 CET44349749162.159.61.3192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 5, 2025 00:04:39.710695028 CET | 192.168.2.4 | 1.1.1.1 | 0xa23d | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:45.553050995 CET | 192.168.2.4 | 1.1.1.1 | 0x20bc | Standard query (0) | api.iwannaeatcats.com | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:48.095640898 CET | 192.168.2.4 | 1.1.1.1 | 0x239d | Standard query (0) | api.gofile.io | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:48.190397024 CET | 192.168.2.4 | 1.1.1.1 | 0xdb83 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:48.190397024 CET | 192.168.2.4 | 1.1.1.1 | 0x91ec | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Jan 5, 2025 00:04:48.746417999 CET | 192.168.2.4 | 1.1.1.1 | 0x712a | Standard query (0) | file.io | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:55.568166971 CET | 192.168.2.4 | 1.1.1.1 | 0xd1d | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:55.568547964 CET | 192.168.2.4 | 1.1.1.1 | 0x3ca8 | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false
Jan 5, 2025 00:04:56.569652081 CET | 192.168.2.4 | 1.1.1.1 | 0x1719 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:56.569905043 CET | 192.168.2.4 | 1.1.1.1 | 0xeede | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false
Jan 5, 2025 00:04:57.102891922 CET | 192.168.2.4 | 1.1.1.1 | 0x8a87 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:57.103082895 CET | 192.168.2.4 | 1.1.1.1 | 0x49ba | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false
Jan 5, 2025 00:05:10.352032900 CET | 192.168.2.4 | 1.1.1.1 | 0x8ea6 | Standard query (0) | file.io | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 5, 2025 00:04:39.717189074 CET | 1.1.1.1 | 192.168.2.4 | 0xa23d | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:39.717189074 CET | 1.1.1.1 | 192.168.2.4 | 0xa23d | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:39.717189074 CET | 1.1.1.1 | 192.168.2.4 | 0xa23d | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:45.566720963 CET | 1.1.1.1 | 192.168.2.4 | 0x20bc | No error (0) | api.iwannaeatcats.com | | 172.67.193.41 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:45.566720963 CET | 1.1.1.1 | 192.168.2.4 | 0x20bc | No error (0) | api.iwannaeatcats.com | | 104.21.20.153 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:48.102807045 CET | 1.1.1.1 | 192.168.2.4 | 0x239d | No error (0) | api.gofile.io | | 45.112.123.126 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:48.197109938 CET | 1.1.1.1 | 192.168.2.4 | 0x91ec | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
Jan 5, 2025 00:04:48.199086905 CET | 1.1.1.1 | 192.168.2.4 | 0xdb83 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:48.199086905 CET | 1.1.1.1 | 192.168.2.4 | 0xdb83 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Jan 5, 2025 00:04:48.753550053 CET | 1.1.1.1 | 192.168.2.4 | 0x712a | No error (0) | file.io | | 143.244.215.221 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:55.575457096 CET1.1.1.1192.168.2.40xd1dNo error (0)ntp.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:55.575469017 CET1.1.1.1192.168.2.40x3ca8No error (0)ntp.msn.comwww-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:56.577115059 CET1.1.1.1192.168.2.40xeedeNo error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:56.578799963 CET1.1.1.1192.168.2.40x1719No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.109850883 CET1.1.1.1192.168.2.40x8a87No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.109850883 CET1.1.1.1192.168.2.40x8a87No error (0)googlehosted.l.googleusercontent.com142.250.185.161A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:04:57.109941959 CET1.1.1.1192.168.2.40x49baNo error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                        Jan 5, 2025 00:05:10.361670971 CET1.1.1.1192.168.2.40x8ea6No error (0)file.io143.244.215.221A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                        • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 104.26.13.205 | 80 | 1732 | C:\Windows\System32\curl.exe

Timestamp | Bytes transferred | Direction | Data
Jan 5, 2025 00:04:39.737731934 CET | 77 | OUT | GET / HTTP/1.1
Host: api.ipify.org
User-Agent: curl/7.83.1
Accept: */*
Jan 5, 2025 00:04:40.186847925 CET | 429 | IN | HTTP/1.1 200 OK
Date: Sat, 04 Jan 2025 23:04:40 GMT
Content-Type: text/plain
Content-Length: 12
Connection: keep-alive
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8fcede72d9ac189d-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1522&min_rtt=1522&rtt_var=761&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=77&delivery_rate=0&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
Data Ascii: 8.46.123.189


                                                                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                                                                        Start time:18:04:04
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\Yoranis Setup.exe"
                                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                                        File size:87'733'089 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:B3CBD672CB20B2112488D26A6B325E69
                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                                                                        Start time:18:04:06
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"
                                                                                                                                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                                                                                        Start time:18:04:06
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                                                                                        Start time:18:04:06
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                        Commandline:tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
                                                                                                                                                                                                                                                                                        Imagebase:0x120000
                                                                                                                                                                                                                                                                                        File size:79'360 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                        Has exited:true

Target ID:4
Start time:18:04:06
Start date:04/01/2025
Path:C:\Windows\SysWOW64\find.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\system32\find.exe" "YoransSetup.exe"
Imagebase:0x9b0000
File size:14'848 bytes
MD5 hash:15B158BC998EEF74CFDD27C44978AEA0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:8
Start time:18:04:34
Start date:04/01/2025
Path:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe"
Imagebase:0x7ff7904e0000
File size:173'936'640 bytes
MD5 hash:19A61DB800E68F1BCB442D9B2531E6BC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:false

Target ID:11
Start time:18:04:36
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:18:04:36
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:18:04:37
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff791270000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:14
Start time:18:04:38
Start date:04/01/2025
Path:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Imagebase:0x7ff7904e0000
File size:173'936'640 bytes
MD5 hash:19A61DB800E68F1BCB442D9B2531E6BC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:15
Start time:18:04:38
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:16
Start time:18:04:38
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:17
Start time:18:04:38
Start date:04/01/2025
Path:C:\Windows\System32\curl.exe
Wow64 process (32bit):false
Commandline:curl http://api.ipify.org/ --ssl-no-revoke
Imagebase:0x7ff71e800000
File size:530'944 bytes
MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:18:04:39
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:18:04:39
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:18:04:39
Start date:04/01/2025
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic bios get smbiosbiosversion
Imagebase:0x7ff6b5300000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:18:04:40
Start date:04/01/2025
Path:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Imagebase:0x7ff7904e0000
File size:173'936'640 bytes
MD5 hash:19A61DB800E68F1BCB442D9B2531E6BC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:22
Start time:18:04:40
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:18:04:40
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:18:04:40
Start date:04/01/2025
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic MemoryChip get /format:list
Imagebase:0x7ff6b5300000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:18:04:40
Start date:04/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /i "Speed"
Imagebase:0x7ff7a0020000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:18:04:41
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:18:04:41
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:18:04:41
Start date:04/01/2025
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic path win32_VideoController get name
Imagebase:0x7ff6b5300000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:18:04:42
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:18:04:42
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:18:04:42
Start date:04/01/2025
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:37
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM chrome.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:40
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM msedge.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:41
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:42
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:43
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM brave.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:44
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:45
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:46
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:47
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:48
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM firefox.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:49
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:50
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:51
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:52
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:53
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM opera.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:54
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:55
                                                                                                                                                                                                                                                                                        Start time:18:04:45
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

Target ID:56
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:57
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:58
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:59
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:60
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:61
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:62
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:63
Start time:18:04:45
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:64
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:65
                                                                                                                                                                                                                                                                                        Start time:18:04:46
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:66
                                                                                                                                                                                                                                                                                        Start time:18:04:46
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:67
                                                                                                                                                                                                                                                                                        Start time:18:04:46
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:68
                                                                                                                                                                                                                                                                                        Start time:18:04:46
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:69
                                                                                                                                                                                                                                                                                        Start time:18:04:46
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:70
                                                                                                                                                                                                                                                                                        Start time:18:04:46
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:71
                                                                                                                                                                                                                                                                                        Start time:18:04:46
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

Target ID:72
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:73
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:74
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:75
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:76
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:77
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM orbitum.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:78
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM kometa.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:79
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM epicprivacybrowser.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:80
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM vivaldi.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:81
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq firefox.exe"
Imagebase:0x7ff791270000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:82
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq chrome.exe"
Imagebase:0x7ff791270000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:83
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM sputnik.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:84
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
Imagebase:0x7ff791270000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:85
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM 7star.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:86
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM iridium.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:87
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM yandex.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:88
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq msedge.exe"
Imagebase:0x7ff791270000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:89
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
Imagebase:0x7ff791270000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:90
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM centbrowser.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:91
Start time:18:04:46
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM uran.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:92
Start time:18:04:48
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:93
Start time:18:04:48
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:94
Start time:18:04:48
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:95
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:96
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:97
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:98
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM chrome.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:99
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:100
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM msedge.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:101
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:102
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:103
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:104
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:105
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:106
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:107
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM brave.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:108
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:109
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:110
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM firefox.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:111
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

Target ID:112
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:113
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:114
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:115
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:116
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:117
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:118
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:119
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:120
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:121
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM orbitum.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:122
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM opera.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:123
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM centbrowser.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:124
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM kometa.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:125
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:126
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:127
Start time:18:04:49
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM sputnik.exe /F
Imagebase:0x7ff72bd90000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:128
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:129
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:130
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:131
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:"C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:132
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:133
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:134
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM 7star.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:135
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:136
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:137
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:138
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:139
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:140
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:141
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:142
                                                                                                                                                                                                                                                                                        Start time:18:04:49
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:143
                                                                                                                                                                                                                                                                                        Start time:18:04:50
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM vivaldi.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:144
                                                                                                                                                                                                                                                                                        Start time:18:04:50
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM yandex.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:145
                                                                                                                                                                                                                                                                                        Start time:18:04:50
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM epicprivacybrowser.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:146
                                                                                                                                                                                                                                                                                        Start time:18:04:50
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM uran.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:147
                                                                                                                                                                                                                                                                                        Start time:18:04:50
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM iridium.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:148
                                                                                                                                                                                                                                                                                        Start time:18:04:50
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:tasklist /FI "IMAGENAME eq msedge.exe"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff791270000
                                                                                                                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:149
                                                                                                                                                                                                                                                                                        Start time:18:04:50
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:tasklist /FI "IMAGENAME eq chrome.exe"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff791270000
                                                                                                                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:150
                                                                                                                                                                                                                                                                                        Start time:18:04:50
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:tasklist /FI "IMAGENAME eq firefox.exe"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff791270000
                                                                                                                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:151
                                                                                                                                                                                                                                                                                        Start time:18:04:50
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff791270000
                                                                                                                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:152
                                                                                                                                                                                                                                                                                        Start time:18:04:51
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff791270000
                                                                                                                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:153
                                                                                                                                                                                                                                                                                        Start time:18:04:51
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\dllhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff70f330000
                                                                                                                                                                                                                                                                                        File size:21'312 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:154
                                                                                                                                                                                                                                                                                        Start time:18:04:52
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:"C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:155
                                                                                                                                                                                                                                                                                        Start time:18:04:53
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2112 --field-trial-handle=1984,i,3389205332898887649,4173586543709646972,262144 /prefetch:3
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                                                                                        File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:156
                                                                                                                                                                                                                                                                                        Start time:18:04:54
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\backgroundTaskHost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff6ec4b0000
                                                                                                                                                                                                                                                                                        File size:19'776 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:DA7063B17DBB8BBB3015351016868006
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:157
                                                                                                                                                                                                                                                                                        Start time:18:04:58
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:158
                                                                                                                                                                                                                                                                                        Start time:18:04:58
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:159
Start time:18:04:58
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:160
Start time:18:04:58
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:161
Start time:18:04:58
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:162
Start time:18:04:58
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff791270000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:163
Start time:18:04:58
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:164
Start time:18:04:59
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff791270000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:165
Start time:18:04:59
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff791270000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:166
Start time:18:05:00
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:167
Start time:18:05:00
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:168
Start time:18:05:00
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:tasklist
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff791270000
                                                                                                                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:169
                                                                                                                                                                                                                                                                                        Start time:18:05:00
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:170
                                                                                                                                                                                                                                                                                        Start time:18:05:00
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:171
                                                                                                                                                                                                                                                                                        Start time:18:05:00
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM Steam.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:172
                                                                                                                                                                                                                                                                                        Start time:18:05:01
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:173
                                                                                                                                                                                                                                                                                        Start time:18:05:01
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:174
                                                                                                                                                                                                                                                                                        Start time:18:05:01
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:taskkill /IM javaw.exe /F
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff72bd90000
                                                                                                                                                                                                                                                                                        File size:101'376 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:175
Start time:18:05:02
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:176
Start time:18:05:02
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:177
Start time:18:05:02
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff791270000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:178
Start time:18:05:03
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:179
Start time:18:05:03
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:180
Start time:18:05:03
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff791270000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:181
Start time:18:05:04
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Imagebase:0x7ff60d2d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:182
Start time:18:05:04
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:183
Start time:18:05:04
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff791270000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:184
                                                                                                                                                                                                                                                                                        Start time:18:05:04
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:185
                                                                                                                                                                                                                                                                                        Start time:18:05:04
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:186
                                                                                                                                                                                                                                                                                        Start time:18:05:04
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:tasklist
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff791270000
                                                                                                                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:187
                                                                                                                                                                                                                                                                                        Start time:18:05:05
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff60d2d0000
                                                                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:188
                                                                                                                                                                                                                                                                                        Start time:18:05:05
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:189
                                                                                                                                                                                                                                                                                        Start time:18:05:05
                                                                                                                                                                                                                                                                                        Start date:04/01/2025
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:tasklist
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff791270000
                                                                                                                                                                                                                                                                                        File size:106'496 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true


                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                          Execution Coverage:27%
                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                          Signature Coverage:20.2%
                                                                                                                                                                                                                                                                                          Total number of Nodes:1333
                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:35
EndDialog 3680->3725 3685 403e30 3681->3685 3688 403e38 3681->3688 3690 403e7f SendMessageW 3681->3690 3691 403e4b 3681->3691 3682->3681 3682->3686 3683->3686 3684 4041eb ShowWindow 3684->3686 3692 40420a SendMessageW 3685->3692 3687 4062dc 17 API calls 3687->3698 3688->3685 3688->3690 3689 404231 18 API calls 3689->3698 3690->3676 3694 403e53 3691->3694 3695 403e68 3691->3695 3693 403e66 3692->3693 3693->3676 3697 40140b 2 API calls 3694->3697 3696 40140b 2 API calls 3695->3696 3699 403e6f 3696->3699 3697->3685 3698->3679 3698->3680 3698->3686 3698->3687 3698->3689 3700 404231 18 API calls 3698->3700 3716 4040fc DestroyWindow 3698->3716 3699->3676 3699->3685 3701 403fe3 GetDlgItem 3700->3701 3702 404000 ShowWindow KiUserCallbackDispatcher 3701->3702 3703 403ff8 3701->3703 3726 404253 KiUserCallbackDispatcher 3702->3726 3703->3702 3705 40402a EnableWindow 3710 40403e 3705->3710 3706 404043 GetSystemMenu EnableMenuItem SendMessageW 3707 404073 SendMessageW 3706->3707 3706->3710 3707->3710 3709 403d39 18 API calls 3709->3710 3710->3706 3710->3709 3727 404266 SendMessageW 3710->3727 3728 4062ba lstrcpynW 3710->3728 3712 4040a2 lstrlenW 3713 4062dc 17 API calls 3712->3713 3714 4040b8 SetWindowTextW 3713->3714 3715 401389 2 API calls 3714->3715 3715->3698 3717 404116 CreateDialogParamW 3716->3717 3716->3725 3718 404149 3717->3718 3717->3725 3719 404231 18 API calls 3718->3719 3720 404154 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3719->3720 3721 401389 2 API calls 3720->3721 3722 40419a 3721->3722 3722->3686 3723 4041a2 ShowWindow 3722->3723 3724 40427d SendMessageW 3723->3724 3724->3725 3725->3684 3725->3686 3726->3705 3727->3710 3728->3712 3831 401f58 3832 402c41 17 API calls 3831->3832 3833 401f5f 3832->3833 3834 4065fd 2 API calls 3833->3834 3835 401f65 3834->3835 3837 401f76 3835->3837 3838 406201 wsprintfW 3835->3838 3838->3837 3729 402259 3730 402c41 17 API calls 3729->3730 3731 40225f 3730->3731 3732 402c41 17 API calls 3731->3732 3733 402268 
3732->3733 3734 402c41 17 API calls 3733->3734 3735 402271 3734->3735 3736 4065fd 2 API calls 3735->3736 3737 40227a 3736->3737 3738 40228b lstrlenW lstrlenW 3737->3738 3739 40227e 3737->3739 3741 405322 24 API calls 3738->3741 3740 405322 24 API calls 3739->3740 3743 402286 3739->3743 3740->3743 3742 4022c9 SHFileOperationW 3741->3742 3742->3739 3742->3743 3839 4046db 3840 404711 3839->3840 3841 4046eb 3839->3841 3843 404298 8 API calls 3840->3843 3842 404231 18 API calls 3841->3842 3844 4046f8 SetDlgItemTextW 3842->3844 3845 40471d 3843->3845 3844->3840 3744 40175c 3745 402c41 17 API calls 3744->3745 3746 401763 3745->3746 3747 405ddf 2 API calls 3746->3747 3748 40176a 3747->3748 3749 405ddf 2 API calls 3748->3749 3749->3748 3846 401d5d GetDlgItem GetClientRect 3847 402c41 17 API calls 3846->3847 3848 401d8f LoadImageW SendMessageW 3847->3848 3849 402ac5 3848->3849 3850 401dad DeleteObject 3848->3850 3850->3849 3851 4022dd 3852 4022e4 3851->3852 3853 4022f7 3851->3853 3854 4062dc 17 API calls 3852->3854 3855 4022f1 3854->3855 3856 405920 MessageBoxIndirectW 3855->3856 3856->3853 3142 405461 3143 405482 GetDlgItem GetDlgItem GetDlgItem 3142->3143 3144 40560b 3142->3144 3188 404266 SendMessageW 3143->3188 3146 405614 GetDlgItem CreateThread CloseHandle 3144->3146 3147 40563c 3144->3147 3146->3147 3211 4053f5 OleInitialize 3146->3211 3149 405667 3147->3149 3150 405653 ShowWindow ShowWindow 3147->3150 3151 40568c 3147->3151 3148 4054f2 3155 4054f9 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3148->3155 3152 405673 3149->3152 3153 4056c7 3149->3153 3193 404266 SendMessageW 3150->3193 3197 404298 3151->3197 3157 4056a1 ShowWindow 3152->3157 3158 40567b 3152->3158 3153->3151 3163 4056d5 SendMessageW 3153->3163 3161 405567 3155->3161 3162 40554b SendMessageW SendMessageW 3155->3162 3159 4056c1 3157->3159 3160 4056b3 3157->3160 3194 40420a 3158->3194 3166 40420a SendMessageW 3159->3166 3165 405322 24 API calls 3160->3165 3167 40557a 3161->3167 3168 40556c 
SendMessageW 3161->3168 3162->3161 3169 40569a 3163->3169 3170 4056ee CreatePopupMenu 3163->3170 3165->3159 3166->3153 3189 404231 3167->3189 3168->3167 3171 4062dc 17 API calls 3170->3171 3173 4056fe AppendMenuW 3171->3173 3175 40571b GetWindowRect 3173->3175 3176 40572e TrackPopupMenu 3173->3176 3174 40558a 3177 405593 ShowWindow 3174->3177 3178 4055c7 GetDlgItem SendMessageW 3174->3178 3175->3176 3176->3169 3180 405749 3176->3180 3181 4055b6 3177->3181 3182 4055a9 ShowWindow 3177->3182 3178->3169 3179 4055ee SendMessageW SendMessageW 3178->3179 3179->3169 3183 405765 SendMessageW 3180->3183 3192 404266 SendMessageW 3181->3192 3182->3181 3183->3183 3184 405782 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3183->3184 3186 4057a7 SendMessageW 3184->3186 3186->3186 3187 4057d0 GlobalUnlock SetClipboardData CloseClipboard 3186->3187 3187->3169 3188->3148 3190 4062dc 17 API calls 3189->3190 3191 40423c SetDlgItemTextW 3190->3191 3191->3174 3192->3178 3193->3149 3195 404211 3194->3195 3196 404217 SendMessageW 3194->3196 3195->3196 3196->3151 3198 40435b 3197->3198 3199 4042b0 GetWindowLongW 3197->3199 3198->3169 3199->3198 3200 4042c5 3199->3200 3200->3198 3201 4042f2 GetSysColor 3200->3201 3202 4042f5 3200->3202 3201->3202 3203 404305 SetBkMode 3202->3203 3204 4042fb SetTextColor 3202->3204 3205 404323 3203->3205 3206 40431d GetSysColor 3203->3206 3204->3203 3207 404334 3205->3207 3208 40432a SetBkColor 3205->3208 3206->3205 3207->3198 3209 404347 DeleteObject 3207->3209 3210 40434e CreateBrushIndirect 3207->3210 3208->3207 3209->3210 3210->3198 3218 40427d 3211->3218 3213 405418 3217 40543f 3213->3217 3221 401389 3213->3221 3214 40427d SendMessageW 3215 405451 CoUninitialize 3214->3215 3217->3214 3219 404295 3218->3219 3220 404286 SendMessageW 3218->3220 3219->3213 3220->3219 3223 401390 3221->3223 3222 4013fe 3222->3213 3223->3222 3224 4013cb MulDiv SendMessageW 3223->3224 3224->3223 3857 401563 3858 402a6b 3857->3858 3861 406201 wsprintfW 3858->3861 3860 
402a70 3861->3860 3225 4023e4 3226 402c41 17 API calls 3225->3226 3227 4023f6 3226->3227 3228 402c41 17 API calls 3227->3228 3229 402400 3228->3229 3242 402cd1 3229->3242 3232 402ac5 3233 402438 3234 402444 3233->3234 3246 402c1f 3233->3246 3237 402463 RegSetValueExW 3234->3237 3249 403116 3234->3249 3235 402c41 17 API calls 3238 40242e lstrlenW 3235->3238 3240 402479 RegCloseKey 3237->3240 3238->3233 3240->3232 3243 402cec 3242->3243 3269 406155 3243->3269 3247 4062dc 17 API calls 3246->3247 3248 402c34 3247->3248 3248->3234 3250 40312f 3249->3250 3251 40315d 3250->3251 3276 403347 SetFilePointer 3250->3276 3273 403331 3251->3273 3255 4032ca 3257 40330c 3255->3257 3262 4032ce 3255->3262 3256 40317a GetTickCount 3258 4032b4 3256->3258 3265 4031c9 3256->3265 3260 403331 ReadFile 3257->3260 3258->3237 3259 403331 ReadFile 3259->3265 3260->3258 3261 403331 ReadFile 3261->3262 3262->3258 3262->3261 3263 405e62 WriteFile 3262->3263 3263->3262 3264 40321f GetTickCount 3264->3265 3265->3258 3265->3259 3265->3264 3266 403244 MulDiv wsprintfW 3265->3266 3268 405e62 WriteFile 3265->3268 3267 405322 24 API calls 3266->3267 3267->3265 3268->3265 3270 406164 3269->3270 3271 402410 3270->3271 3272 40616f RegCreateKeyExW 3270->3272 3271->3232 3271->3233 3271->3235 3272->3271 3274 405e33 ReadFile 3273->3274 3275 403168 3274->3275 3275->3255 3275->3256 3275->3258 3276->3251 3862 404367 lstrcpynW lstrlenW 3863 401968 3864 402c1f 17 API calls 3863->3864 3865 40196f 3864->3865 3866 402c1f 17 API calls 3865->3866 3867 40197c 3866->3867 3868 402c41 17 API calls 3867->3868 3869 401993 lstrlenW 3868->3869 3870 4019a4 3869->3870 3871 4019e5 3870->3871 3875 4062ba lstrcpynW 3870->3875 3873 4019d5 3873->3871 3874 4019da lstrlenW 3873->3874 3874->3871 3875->3873 3876 402868 3877 402c41 17 API calls 3876->3877 3878 40286f FindFirstFileW 3877->3878 3879 402882 3878->3879 3880 402897 3878->3880 3884 406201 wsprintfW 3880->3884 3882 4028a0 3885 4062ba lstrcpynW 3882->3885 3884->3882 3885->3879 
3886 403968 3887 403973 3886->3887 3888 403977 3887->3888 3889 40397a GlobalAlloc 3887->3889 3889->3888 3890 40166a 3891 402c41 17 API calls 3890->3891 3892 401670 3891->3892 3893 4065fd 2 API calls 3892->3893 3894 401676 3893->3894 3318 40176f 3319 402c41 17 API calls 3318->3319 3320 401776 3319->3320 3321 401796 3320->3321 3322 40179e 3320->3322 3357 4062ba lstrcpynW 3321->3357 3358 4062ba lstrcpynW 3322->3358 3325 40179c 3329 40654e 5 API calls 3325->3329 3326 4017a9 3327 405b8f 3 API calls 3326->3327 3328 4017af lstrcatW 3327->3328 3328->3325 3347 4017bb 3329->3347 3330 4065fd 2 API calls 3330->3347 3331 405d8b 2 API calls 3331->3347 3333 4017cd CompareFileTime 3333->3347 3334 40188d 3336 405322 24 API calls 3334->3336 3335 401864 3337 405322 24 API calls 3335->3337 3346 401879 3335->3346 3338 401897 3336->3338 3337->3346 3339 403116 31 API calls 3338->3339 3341 4018aa 3339->3341 3340 4062ba lstrcpynW 3340->3347 3342 4018be SetFileTime 3341->3342 3344 4018d0 CloseHandle 3341->3344 3342->3344 3343 4062dc 17 API calls 3343->3347 3345 4018e1 3344->3345 3344->3346 3348 4018e6 3345->3348 3349 4018f9 3345->3349 3347->3330 3347->3331 3347->3333 3347->3334 3347->3335 3347->3340 3347->3343 3356 405db0 GetFileAttributesW CreateFileW 3347->3356 3359 405920 3347->3359 3350 4062dc 17 API calls 3348->3350 3351 4062dc 17 API calls 3349->3351 3352 4018ee lstrcatW 3350->3352 3353 401901 3351->3353 3352->3353 3355 405920 MessageBoxIndirectW 3353->3355 3355->3346 3356->3347 3357->3325 3358->3326 3360 405935 3359->3360 3361 405981 3360->3361 3362 405949 MessageBoxIndirectW 3360->3362 3361->3347 3362->3361 3895 4027ef 3896 4027f6 3895->3896 3899 402a70 3895->3899 3897 402c1f 17 API calls 3896->3897 3898 4027fd 3897->3898 3900 40280c SetFilePointer 3898->3900 3900->3899 3901 40281c 3900->3901 3903 406201 wsprintfW 3901->3903 3903->3899 3904 4043f0 3905 404408 3904->3905 3909 404522 3904->3909 3910 404231 18 API calls 3905->3910 3906 40458c 3907 404656 3906->3907 3908 404596 
GetDlgItem 3906->3908 3915 404298 8 API calls 3907->3915 3911 4045b0 3908->3911 3912 404617 3908->3912 3909->3906 3909->3907 3913 40455d GetDlgItem SendMessageW 3909->3913 3914 40446f 3910->3914 3911->3912 3918 4045d6 SendMessageW LoadCursorW SetCursor 3911->3918 3912->3907 3919 404629 3912->3919 3937 404253 KiUserCallbackDispatcher 3913->3937 3917 404231 18 API calls 3914->3917 3925 404651 3915->3925 3921 40447c CheckDlgButton 3917->3921 3941 40469f 3918->3941 3923 40463f 3919->3923 3924 40462f SendMessageW 3919->3924 3920 404587 3938 40467b 3920->3938 3935 404253 KiUserCallbackDispatcher 3921->3935 3923->3925 3926 404645 SendMessageW 3923->3926 3924->3923 3926->3925 3930 40449a GetDlgItem 3936 404266 SendMessageW 3930->3936 3932 4044b0 SendMessageW 3933 4044d6 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 3932->3933 3934 4044cd GetSysColor 3932->3934 3933->3925 3934->3933 3935->3930 3936->3932 3937->3920 3939 404689 3938->3939 3940 40468e SendMessageW 3938->3940 3939->3940 3940->3906 3944 4058e6 ShellExecuteExW 3941->3944 3943 404605 LoadCursorW SetCursor 3943->3912 3944->3943 3945 401a72 3946 402c1f 17 API calls 3945->3946 3947 401a7b 3946->3947 3948 402c1f 17 API calls 3947->3948 3949 401a20 3948->3949 3950 401573 3951 401583 ShowWindow 3950->3951 3952 40158c 3950->3952 3951->3952 3953 40159a ShowWindow 3952->3953 3954 402ac5 3952->3954 3953->3954 3955 402df3 3956 402e05 SetTimer 3955->3956 3957 402e1e 3955->3957 3956->3957 3958 402e73 3957->3958 3959 402e38 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 3957->3959 3959->3958 3960 401cf3 3961 402c1f 17 API calls 3960->3961 3962 401cf9 IsWindow 3961->3962 3963 401a20 3962->3963 3964 4014f5 SetForegroundWindow 3965 402ac5 3964->3965 3966 402576 3967 402c41 17 API calls 3966->3967 3968 40257d 3967->3968 3971 405db0 GetFileAttributesW CreateFileW 3968->3971 3970 402589 3971->3970 3632 401b77 3633 401bc8 3632->3633 3635 401b84 3632->3635 3636 401bf2 GlobalAlloc 3633->3636 3637 401bcd 3633->3637 3634 
4022e4 3639 4062dc 17 API calls 3634->3639 3635->3634 3641 401b9b 3635->3641 3638 4062dc 17 API calls 3636->3638 3647 401c0d 3637->3647 3651 4062ba lstrcpynW 3637->3651 3638->3647 3640 4022f1 3639->3640 3645 405920 MessageBoxIndirectW 3640->3645 3652 4062ba lstrcpynW 3641->3652 3644 401bdf GlobalFree 3644->3647 3645->3647 3646 401baa 3653 4062ba lstrcpynW 3646->3653 3649 401bb9 3654 4062ba lstrcpynW 3649->3654 3651->3644 3652->3646 3653->3649 3654->3647 3972 404a78 3973 404aa4 3972->3973 3974 404a88 3972->3974 3976 404ad7 3973->3976 3977 404aaa SHGetPathFromIDListW 3973->3977 3983 405904 GetDlgItemTextW 3974->3983 3979 404ac1 SendMessageW 3977->3979 3980 404aba 3977->3980 3978 404a95 SendMessageW 3978->3973 3979->3976 3982 40140b 2 API calls 3980->3982 3982->3979 3983->3978 3984 4024f8 3985 402c81 17 API calls 3984->3985 3986 402502 3985->3986 3987 402c1f 17 API calls 3986->3987 3988 40250b 3987->3988 3989 402533 RegEnumValueW 3988->3989 3990 402527 RegEnumKeyW 3988->3990 3992 40288b 3988->3992 3991 402548 RegCloseKey 3989->3991 3990->3991 3991->3992 3994 40167b 3995 402c41 17 API calls 3994->3995 3996 401682 3995->3996 3997 402c41 17 API calls 3996->3997 3998 40168b 3997->3998 3999 402c41 17 API calls 3998->3999 4000 401694 MoveFileW 3999->4000 4001 4016a7 4000->4001 4007 4016a0 4000->4007 4003 4065fd 2 API calls 4001->4003 4005 402250 4001->4005 4002 401423 24 API calls 4002->4005 4004 4016b6 4003->4004 4004->4005 4006 406080 36 API calls 4004->4006 4006->4007 4007->4002 4008 401e7d 4009 402c41 17 API calls 4008->4009 4010 401e83 4009->4010 4011 402c41 17 API calls 4010->4011 4012 401e8c 4011->4012 4013 402c41 17 API calls 4012->4013 4014 401e95 4013->4014 4015 402c41 17 API calls 4014->4015 4016 401e9e 4015->4016 4017 401423 24 API calls 4016->4017 4018 401ea5 4017->4018 4025 4058e6 ShellExecuteExW 4018->4025 4020 401ee7 4023 40288b 4020->4023 4026 406745 WaitForSingleObject 4020->4026 4022 401f01 CloseHandle 4022->4023 4025->4020 4027 40675f 4026->4027 4028 
406771 GetExitCodeProcess 4027->4028 4029 4066d0 2 API calls 4027->4029 4028->4022 4030 406766 WaitForSingleObject 4029->4030 4030->4027 4031 4019ff 4032 402c41 17 API calls 4031->4032 4033 401a06 4032->4033 4034 402c41 17 API calls 4033->4034 4035 401a0f 4034->4035 4036 401a16 lstrcmpiW 4035->4036 4037 401a28 lstrcmpW 4035->4037 4038 401a1c 4036->4038 4037->4038 4039 401000 4040 401037 BeginPaint GetClientRect 4039->4040 4041 40100c DefWindowProcW 4039->4041 4043 4010f3 4040->4043 4044 401179 4041->4044 4045 401073 CreateBrushIndirect FillRect DeleteObject 4043->4045 4046 4010fc 4043->4046 4045->4043 4047 401102 CreateFontIndirectW 4046->4047 4048 401167 EndPaint 4046->4048 4047->4048 4049 401112 6 API calls 4047->4049 4048->4044 4049->4048 4050 401503 4051 40150b 4050->4051 4053 40151e 4050->4053 4052 402c1f 17 API calls 4051->4052 4052->4053 3277 402104 3278 402c41 17 API calls 3277->3278 3279 40210b 3278->3279 3280 402c41 17 API calls 3279->3280 3281 402115 3280->3281 3282 402c41 17 API calls 3281->3282 3283 40211f 3282->3283 3284 402c41 17 API calls 3283->3284 3285 402129 3284->3285 3286 402c41 17 API calls 3285->3286 3288 402133 3286->3288 3287 402172 CoCreateInstance 3292 402191 3287->3292 3288->3287 3289 402c41 17 API calls 3288->3289 3289->3287 3290 401423 24 API calls 3291 402250 3290->3291 3292->3290 3292->3291 3293 402484 3304 402c81 3293->3304 3296 402c41 17 API calls 3297 402497 3296->3297 3298 4024a2 RegQueryValueExW 3297->3298 3299 40288b 3297->3299 3300 4024c2 3298->3300 3301 4024c8 RegCloseKey 3298->3301 3300->3301 3309 406201 wsprintfW 3300->3309 3301->3299 3305 402c41 17 API calls 3304->3305 3306 402c98 3305->3306 3307 406127 RegOpenKeyExW 3306->3307 3308 40248e 3307->3308 3308->3296 3309->3301 4054 401f06 4055 402c41 17 API calls 4054->4055 4056 401f0c 4055->4056 4057 405322 24 API calls 4056->4057 4058 401f16 4057->4058 4059 4058a3 2 API calls 4058->4059 4060 401f1c 4059->4060 4061 401f3f CloseHandle 4060->4061 4062 40288b 4060->4062 4063 
406745 5 API calls 4060->4063 4061->4062 4065 401f31 4063->4065 4065->4061 4067 406201 wsprintfW 4065->4067 4067->4061 4068 40190c 4069 401943 4068->4069 4070 402c41 17 API calls 4069->4070 4071 401948 4070->4071 4072 4059cc 67 API calls 4071->4072 4073 401951 4072->4073 4074 40230c 4075 402314 4074->4075 4077 40231a 4074->4077 4076 402c41 17 API calls 4075->4076 4076->4077 4078 402328 4077->4078 4080 402c41 17 API calls 4077->4080 4079 402336 4078->4079 4081 402c41 17 API calls 4078->4081 4082 402c41 17 API calls 4079->4082 4080->4078 4081->4079 4083 40233f WritePrivateProfileStringW 4082->4083 4084 401f8c 4085 402c41 17 API calls 4084->4085 4086 401f93 4085->4086 4087 406694 5 API calls 4086->4087 4088 401fa2 4087->4088 4089 402026 4088->4089 4090 401fbe GlobalAlloc 4088->4090 4090->4089 4091 401fd2 4090->4091 4092 406694 5 API calls 4091->4092 4093 401fd9 4092->4093 4094 406694 5 API calls 4093->4094 4095 401fe3 4094->4095 4095->4089 4099 406201 wsprintfW 4095->4099 4097 402018 4100 406201 wsprintfW 4097->4100 4099->4097 4100->4089 4101 40238e 4102 4023c1 4101->4102 4103 402396 4101->4103 4105 402c41 17 API calls 4102->4105 4104 402c81 17 API calls 4103->4104 4107 40239d 4104->4107 4106 4023c8 4105->4106 4112 402cff 4106->4112 4109 4023d5 4107->4109 4110 402c41 17 API calls 4107->4110 4111 4023ae RegDeleteValueW RegCloseKey 4110->4111 4111->4109 4113 402d13 4112->4113 4115 402d0c 4112->4115 4113->4115 4116 402d44 4113->4116 4115->4109 4117 406127 RegOpenKeyExW 4116->4117 4118 402d72 4117->4118 4119 402d98 RegEnumKeyW 4118->4119 4120 402daf RegCloseKey 4118->4120 4121 402dd0 RegCloseKey 4118->4121 4123 402d44 6 API calls 4118->4123 4126 402dc3 4118->4126 4119->4118 4119->4120 4122 406694 5 API calls 4120->4122 4121->4126 4124 402dbf 4122->4124 4123->4118 4125 402de0 RegDeleteKeyW 4124->4125 4124->4126 4125->4126 4126->4115 3363 40338f SetErrorMode GetVersion 3364 4033ce 3363->3364 3365 4033d4 3363->3365 3366 406694 5 API calls 3364->3366 3367 406624 3 API calls 
3365->3367 3366->3365 3368 4033ea lstrlenA 3367->3368 3368->3365 3369 4033fa 3368->3369 3370 406694 5 API calls 3369->3370 3371 403401 3370->3371 3372 406694 5 API calls 3371->3372 3373 403408 3372->3373 3374 406694 5 API calls 3373->3374 3375 403414 #17 OleInitialize SHGetFileInfoW 3374->3375 3453 4062ba lstrcpynW 3375->3453 3378 403460 GetCommandLineW 3454 4062ba lstrcpynW 3378->3454 3380 403472 3381 405bbc CharNextW 3380->3381 3382 403497 CharNextW 3381->3382 3383 4035c1 GetTempPathW 3382->3383 3394 4034b0 3382->3394 3455 40335e 3383->3455 3385 4035d9 3386 403633 DeleteFileW 3385->3386 3387 4035dd GetWindowsDirectoryW lstrcatW 3385->3387 3465 402edd GetTickCount GetModuleFileNameW 3386->3465 3388 40335e 12 API calls 3387->3388 3391 4035f9 3388->3391 3389 405bbc CharNextW 3389->3394 3391->3386 3393 4035fd GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3391->3393 3392 403647 3395 4036fe ExitProcess CoUninitialize 3392->3395 3404 405bbc CharNextW 3392->3404 3436 4036ea 3392->3436 3396 40335e 12 API calls 3393->3396 3394->3389 3397 4035ac 3394->3397 3398 4035aa 3394->3398 3399 403834 3395->3399 3400 403714 3395->3400 3402 40362b 3396->3402 3549 4062ba lstrcpynW 3397->3549 3398->3383 3401 40383c GetCurrentProcess OpenProcessToken 3399->3401 3411 4038b8 ExitProcess 3399->3411 3406 405920 MessageBoxIndirectW 3400->3406 3408 403854 LookupPrivilegeValueW AdjustTokenPrivileges 3401->3408 3409 403888 3401->3409 3402->3386 3402->3395 3420 403666 3404->3420 3407 403722 ExitProcess 3406->3407 3408->3409 3413 406694 5 API calls 3409->3413 3410 4036fa 3410->3395 3416 40388f 3413->3416 3414 4036c4 3418 405c97 18 API calls 3414->3418 3415 40372a 3417 40588b 5 API calls 3415->3417 3419 4038a4 ExitWindowsEx 3416->3419 3423 4038b1 3416->3423 3421 40372f lstrcatW 3417->3421 3422 4036d0 3418->3422 3419->3411 3419->3423 3420->3414 3420->3415 3424 403740 lstrcatW 3421->3424 3425 40374b lstrcatW lstrcmpiW 3421->3425 3422->3395 3550 4062ba lstrcpynW 3422->3550 3557 
40140b 3423->3557 3424->3425 3425->3395 3427 403767 3425->3427 3429 403773 3427->3429 3430 40376c 3427->3430 3434 40586e 2 API calls 3429->3434 3432 4057f1 4 API calls 3430->3432 3431 4036df 3551 4062ba lstrcpynW 3431->3551 3435 403771 3432->3435 3437 403778 SetCurrentDirectoryW 3434->3437 3435->3437 3493 4039aa 3436->3493 3438 403793 3437->3438 3439 403788 3437->3439 3553 4062ba lstrcpynW 3438->3553 3552 4062ba lstrcpynW 3439->3552 3442 4062dc 17 API calls 3443 4037d2 DeleteFileW 3442->3443 3444 4037df CopyFileW 3443->3444 3450 4037a1 3443->3450 3444->3450 3445 403828 3446 406080 36 API calls 3445->3446 3448 40382f 3446->3448 3447 406080 36 API calls 3447->3450 3448->3395 3449 4062dc 17 API calls 3449->3450 3450->3442 3450->3445 3450->3447 3450->3449 3452 403813 CloseHandle 3450->3452 3554 4058a3 CreateProcessW 3450->3554 3452->3450 3453->3378 3454->3380 3456 40654e 5 API calls 3455->3456 3458 40336a 3456->3458 3457 403374 3457->3385 3458->3457 3459 405b8f 3 API calls 3458->3459 3460 40337c 3459->3460 3461 40586e 2 API calls 3460->3461 3462 403382 3461->3462 3560 405ddf 3462->3560 3564 405db0 GetFileAttributesW CreateFileW 3465->3564 3467 402f1d 3492 402f2d 3467->3492 3565 4062ba lstrcpynW 3467->3565 3469 402f43 3470 405bdb 2 API calls 3469->3470 3471 402f49 3470->3471 3566 4062ba lstrcpynW 3471->3566 3473 402f54 GetFileSize 3474 403050 3473->3474 3491 402f6b 3473->3491 3567 402e79 3474->3567 3476 403059 3478 403089 GlobalAlloc 3476->3478 3476->3492 3579 403347 SetFilePointer 3476->3579 3477 403331 ReadFile 3477->3491 3578 403347 SetFilePointer 3478->3578 3480 4030bc 3482 402e79 6 API calls 3480->3482 3482->3492 3483 403072 3485 403331 ReadFile 3483->3485 3484 4030a4 3486 403116 31 API calls 3484->3486 3487 40307d 3485->3487 3489 4030b0 3486->3489 3487->3478 3487->3492 3488 402e79 6 API calls 3488->3491 3489->3489 3490 4030ed SetFilePointer 3489->3490 3489->3492 3490->3492 3491->3474 3491->3477 3491->3480 3491->3488 3491->3492 3492->3392 3494 406694 5 API calls 
3493->3494 3495 4039be 3494->3495 3496 4039c4 3495->3496 3497 4039d6 3495->3497 3592 406201 wsprintfW 3496->3592 3498 406188 3 API calls 3497->3498 3499 403a06 3498->3499 3501 403a25 lstrcatW 3499->3501 3503 406188 3 API calls 3499->3503 3502 4039d4 3501->3502 3584 403c80 3502->3584 3503->3501 3506 405c97 18 API calls 3507 403a57 3506->3507 3508 403aeb 3507->3508 3510 406188 3 API calls 3507->3510 3509 405c97 18 API calls 3508->3509 3511 403af1 3509->3511 3512 403a89 3510->3512 3513 403b01 LoadImageW 3511->3513 3514 4062dc 17 API calls 3511->3514 3512->3508 3517 403aaa lstrlenW 3512->3517 3520 405bbc CharNextW 3512->3520 3515 403ba7 3513->3515 3516 403b28 RegisterClassW 3513->3516 3514->3513 3519 40140b 2 API calls 3515->3519 3518 403b5e SystemParametersInfoW CreateWindowExW 3516->3518 3548 403bb1 3516->3548 3521 403ab8 lstrcmpiW 3517->3521 3522 403ade 3517->3522 3518->3515 3523 403bad 3519->3523 3524 403aa7 3520->3524 3521->3522 3525 403ac8 GetFileAttributesW 3521->3525 3526 405b8f 3 API calls 3522->3526 3528 403c80 18 API calls 3523->3528 3523->3548 3524->3517 3527 403ad4 3525->3527 3529 403ae4 3526->3529 3527->3522 3531 405bdb 2 API calls 3527->3531 3532 403bbe 3528->3532 3593 4062ba lstrcpynW 3529->3593 3531->3522 3533 403bca ShowWindow 3532->3533 3534 403c4d 3532->3534 3535 406624 3 API calls 3533->3535 3536 4053f5 5 API calls 3534->3536 3537 403be2 3535->3537 3538 403c53 3536->3538 3539 403bf0 GetClassInfoW 3537->3539 3542 406624 3 API calls 3537->3542 3540 403c57 3538->3540 3541 403c6f 3538->3541 3544 403c04 GetClassInfoW RegisterClassW 3539->3544 3545 403c1a DialogBoxParamW 3539->3545 3546 40140b 2 API calls 3540->3546 3540->3548 3543 40140b 2 API calls 3541->3543 3542->3539 3543->3548 3544->3545 3547 40140b 2 API calls 3545->3547 3546->3548 3547->3548 3548->3410 3549->3398 3550->3431 3551->3436 3552->3438 3553->3450 3555 4058e2 3554->3555 3556 4058d6 CloseHandle 3554->3556 3555->3450 3556->3555 3558 401389 2 API calls 3557->3558 3559 401420 3558->3559 
3559->3411 3561 405dec GetTickCount GetTempFileNameW 3560->3561 3562 405e22 3561->3562 3563 40338d 3561->3563 3562->3561 3562->3563 3563->3385 3564->3467 3565->3469 3566->3473 3568 402e82 3567->3568 3569 402e9a 3567->3569 3570 402e92 3568->3570 3571 402e8b DestroyWindow 3568->3571 3572 402ea2 3569->3572 3573 402eaa GetTickCount 3569->3573 3570->3476 3571->3570 3580 4066d0 3572->3580 3575 402eb8 CreateDialogParamW ShowWindow 3573->3575 3576 402edb 3573->3576 3575->3576 3576->3476 3578->3484 3579->3483 3581 4066ed PeekMessageW 3580->3581 3582 4066e3 DispatchMessageW 3581->3582 3583 402ea8 3581->3583 3582->3581 3583->3476 3585 403c94 3584->3585 3594 406201 wsprintfW 3585->3594 3587 403d05 3595 403d39 3587->3595 3589 403d0a 3590 403a35 3589->3590 3591 4062dc 17 API calls 3589->3591 3590->3506 3591->3589 3592->3502 3593->3508 3594->3587 3596 4062dc 17 API calls 3595->3596 3597 403d47 SetWindowTextW 3596->3597 3597->3589 4127 40190f 4128 402c41 17 API calls 4127->4128 4129 401916 4128->4129 4130 405920 MessageBoxIndirectW 4129->4130 4131 40191f 4130->4131 4132 401491 4133 405322 24 API calls 4132->4133 4134 401498 4133->4134 4135 401d14 4136 402c1f 17 API calls 4135->4136 4137 401d1b 4136->4137 4138 402c1f 17 API calls 4137->4138 4139 401d27 GetDlgItem 4138->4139 4140 402592 4139->4140 4141 405296 4142 4052a6 4141->4142 4143 4052ba 4141->4143 4145 4052ac 4142->4145 4153 405303 4142->4153 4144 4052c2 IsWindowVisible 4143->4144 4147 4052d9 4143->4147 4146 4052cf 4144->4146 4144->4153 4149 40427d SendMessageW 4145->4149 4154 404bec SendMessageW 4146->4154 4148 405308 CallWindowProcW 4147->4148 4159 404c6c 4147->4159 4150 4052b6 4148->4150 4149->4150 4153->4148 4155 404c4b SendMessageW 4154->4155 4156 404c0f GetMessagePos ScreenToClient SendMessageW 4154->4156 4157 404c43 4155->4157 4156->4157 4158 404c48 4156->4158 4157->4147 4158->4155 4168 4062ba lstrcpynW 4159->4168 4161 404c7f 4169 406201 wsprintfW 4161->4169 4163 404c89 4164 40140b 2 API calls 4163->4164 4165 404c92 

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE ref: 004033B2
                                                                                                                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 004033B8
                                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033EB
                                                                                                                                                                                                                                                                                          • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403428
                                                                                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 0040342F
                                                                                                                                                                                                                                                                                          • SHGetFileInfoW.SHELL32(00440208,00000000,?,000002B4,00000000), ref: 0040344B
                                                                                                                                                                                                                                                                                          • GetCommandLineW.KERNEL32(00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 00403460
                                                                                                                                                                                                                                                                                          • CharNextW.USER32(00000000,004CB000,00000020,004CB000,00000000,?,00000006,00000008,0000000A), ref: 00403498
                                                                                                                                                                                                                                                                                            • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                                                                                                                            • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00002000,004DF000,?,00000006,00000008,0000000A), ref: 004035D2
                                                                                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(004DF000,00001FFB,?,00000006,00000008,0000000A), ref: 004035E3
                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DF000,\Temp,?,00000006,00000008,0000000A), ref: 004035EF
                                                                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00001FFC,004DF000,004DF000,\Temp,?,00000006,00000008,0000000A), ref: 00403603
                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DF000,Low,?,00000006,00000008,0000000A), ref: 0040360B
                                                                                                                                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32(TEMP,004DF000,004DF000,Low,?,00000006,00000008,0000000A), ref: 0040361C
                                                                                                                                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32(TMP,004DF000,?,00000006,00000008,0000000A), ref: 00403624
                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(004DB000,?,00000006,00000008,0000000A), ref: 00403638
                                                                                                                                                                                                                                                                                            • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000006,?,00000006,00000008,0000000A), ref: 004036FE
                                                                                                                                                                                                                                                                                          • CoUninitialize.COMBASE(00000006,?,00000006,00000008,0000000A), ref: 00403703
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00403724
                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403737
                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DF000,0040A26C,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403746
                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DF000,.tmp,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403751
                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(004DF000,004D7000,004DF000,.tmp,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 0040375D
                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(004DF000,004DF000,?,00000006,00000008,0000000A), ref: 00403779
                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(0043C208,0043C208,?,0047B000,00000008,?,00000006,00000008,0000000A), ref: 004037D3
                                                                                                                                                                                                                                                                                          • CopyFileW.KERNEL32(004E7000,0043C208,00000001,?,00000006,00000008,0000000A), ref: 004037E7
                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,0043C208,0043C208,?,0043C208,00000000,?,00000006,00000008,0000000A), ref: 00403814
                                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403843
                                                                                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 0040384A
                                                                                                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040385F
                                                                                                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32 ref: 00403882
                                                                                                                                                                                                                                                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 004038A7
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 004038CA
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Processlstrcat$ExitFile$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                                                                                                                          • String ID: .tmp$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                                                                                          • API String ID: 424501083-3195845224

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000403), ref: 004054BF
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 004054CE
                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040550B
                                                                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000002), ref: 00405512
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405533
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405544
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405557
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405565
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405578
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040559A
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 004055AE
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004055CF
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055DF
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055F8
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405604
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F8), ref: 004054DD
                                                                                                                                                                                                                                                                                            • Part of subcall function 00404266: SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 00405621
                                                                                                                                                                                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,Function_000053F5,00000000), ref: 0040562F
                                                                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(00000000), ref: 00405636
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 0040565A
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 0040565F
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000008), ref: 004056A9
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056DD
                                                                                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 004056EE
                                                                                                                                                                                                                                                                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405702
                                                                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00405722
                                                                                                                                                                                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040573B
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405773
                                                                                                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00405783
                                                                                                                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 00405789
                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405795
                                                                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0040579F
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 004057B3
                                                                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004057D3
                                                                                                                                                                                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004057DE
                                                                                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 004057E4
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                                                          • String ID: {
                                                                                                                                                                                                                                                                                          • API String ID: 590372296-366298937

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(?,?,004DF000,74DF3420,00000000), ref: 004059F5
                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\*.*,?,?,004DF000,74DF3420,00000000), ref: 00405A3D
                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\*.*,?,?,004DF000,74DF3420,00000000), ref: 00405A60
                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\*.*,?,?,004DF000,74DF3420,00000000), ref: 00405A66
                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\*.*,?,?,004DF000,74DF3420,00000000), ref: 00405A76
                                                                                                                                                                                                                                                                                          • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405B16
                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00405B25
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\src\*.*$\*.*
                                                                                                                                                                                                                                                                                          • API String ID: 2035342205-2866927182
                                                                                                                                                                                                                                                                                          • Opcode ID: 381ae1539308b0fff5c23660480c7799636f68814d34eb948432fba1f876741c
                                                                                                                                                                                                                                                                                          • Instruction ID: 3baa02bdf70247edfb0f680676f8bffda79515ede8bd61e7e13478a9eee65f3b
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 381ae1539308b0fff5c23660480c7799636f68814d34eb948432fba1f876741c
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E141D430900914AACB21AB618C89ABF7778EF45369F10427FF801711D1D77CAD81DE6E
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(004DF000,00468298,C:\,00405CE0,C:\,C:\,00000000,C:\,C:\,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420), ref: 00406608
                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00406614
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                          • String ID: C:\
                                                                                                                                                                                                                                                                                          • API String ID: 2295610775-3404278061
                                                                                                                                                                                                                                                                                          • Opcode ID: f7cd178be2e6469beafc72b660366141f3ce998a63a06fca00c04ee689428cf9
                                                                                                                                                                                                                                                                                          • Instruction ID: 086872f0bf6ffc0fec3bf9e050170664210a11ef237051a194e92f35cf11c1a2
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7cd178be2e6469beafc72b660366141f3ce998a63a06fca00c04ee689428cf9
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52D012315455205BC7001B386E0C85B7B599F553317158F37F46AF51E0DB758C62869D
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CreateInstance

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D94
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00403DB1
                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 00403DC5
                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DE1
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403E02
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E16
                                                                                                                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403E1D
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 00403ECB
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00403ED5
                                                                                                                                                                                                                                                                                          • SetClassLongW.USER32(?,000000F2,?), ref: 00403EEF
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F40
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000003), ref: 00403FE6
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00404007
                                                                                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404019
                                                                                                                                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 00404034
                                                                                                                                                                                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040404A
                                                                                                                                                                                                                                                                                          • EnableMenuItem.USER32(00000000), ref: 00404051
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404069
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040407C
                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00450248,?,00450248,00000000), ref: 004040A6
                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,00450248), ref: 004040BA
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 004041EE
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                            • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                                                                                                                            • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000,00000002,004DF000,74DF3420,004CB000,00000000), ref: 00403A2B
                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000,00000002,004DF000), ref: 00403AAB
                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000), ref: 00403ABE
                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(Remove folder: ), ref: 00403AC9
                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004CF000), ref: 00403B12
                                                                                                                                                                                                                                                                                            • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
                                                                                                                                                                                                                                                                                          • RegisterClassW.USER32(00472E80), ref: 00403B4F
                                                                                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B67
                                                                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B9C
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403BD2
                                                                                                                                                                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit20W,00472E80), ref: 00403BFE
                                                                                                                                                                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit,00472E80), ref: 00403C0B
                                                                                                                                                                                                                                                                                          • RegisterClassW.USER32(00472E80), ref: 00403C14
                                                                                                                                                                                                                                                                                          • DialogBoxParamW.USER32(?,00000000,00403D58,00000000), ref: 00403C33
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                          • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                                                                                          • API String ID: 1975747703-564491471
                                                                                                                                                                                                                                                                                          • Opcode ID: f1b2be5f89fac0cbf9958f47fdf3d8daba4c0bfed37b59ff3d0d792caf125e20
                                                                                                                                                                                                                                                                                          • Instruction ID: e946f9b6b947081a315c1f95bc525aa973ad4f651662e5f5477bf26fdb3bf1de
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1b2be5f89fac0cbf9958f47fdf3d8daba4c0bfed37b59ff3d0d792caf125e20
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B361C8302407007ED720AF669E45E2B3A6CEB8474AF40417FF985B51E2DBBD5951CB2E

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(Remove folder: ,00002000), ref: 0040641D
                                                                                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00002000,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,?,00405359,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,00000000), ref: 00406430
                                                                                                                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(00405359,0042CE00,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,?,00405359,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,00000000), ref: 0040646C
                                                                                                                                                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(0042CE00,Remove folder: ), ref: 0040647A
                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(0042CE00), ref: 00406485
                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 004064AB
                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,?,00405359,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,00000000), ref: 00406503
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                                                                                                                          • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                          • API String ID: 717251189-3098098953
                                                                                                                                                                                                                                                                                          • Opcode ID: 412c271bb9d070f278564469311d6f605cf1b48e62db3e13451b1dc2679c3c4f
                                                                                                                                                                                                                                                                                          • Instruction ID: deb4280fb9253f119c0dee44fead77f8699473dbe43bed35a1e393a154a8df3c
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 412c271bb9d070f278564469311d6f605cf1b48e62db3e13451b1dc2679c3c4f
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87612371A00115AADF209F64DC44BAE37A5EF45318F22803FE907B62D0D77D9AA1C75E

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402EEE
                                                                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,004E7000,00002000,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,004EB000,00000000,004D7000,004D7000,004E7000,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          • Inst, xrefs: 00402FC2
                                                                                                                                                                                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004030B5
                                                                                                                                                                                                                                                                                          • soft, xrefs: 00402FCB
                                                                                                                                                                                                                                                                                          • Error launching installer, xrefs: 00402F2D
                                                                                                                                                                                                                                                                                          • Null, xrefs: 00402FD4
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                          • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                          • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                                                                          • Opcode ID: 6fdf7a3c576b274adc95fc68e3ac1b8cc101307f87f608dfe476064d1f7918cb
                                                                                                                                                                                                                                                                                          • Instruction ID: d807cc789e5c0b6659aec278a7977cb1897ccc82e3fedab9e592eb30a9b28e48
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fdf7a3c576b274adc95fc68e3ac1b8cc101307f87f608dfe476064d1f7918cb
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23511671901205ABDB20AF61DD85B9F7FACEB0431AF20403BF914B62D5C7789E818B9D

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00000000,00000000,ExecShellAsUser,004D3000,?,?,00000031), ref: 004017B0
                                                                                                                                                                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,ExecShellAsUser,ExecShellAsUser,00000000,00000000,ExecShellAsUser,004D3000,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                                                                                            • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,0040327A,0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,00000000,0042CE00,74DF23A0), ref: 0040537D
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\), ref: 0040538F
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp$C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\StdUtils.dll$ExecShellAsUser
                                                                                                                                                                                                                                                                                          • API String ID: 1941528284-1591456379
                                                                                                                                                                                                                                                                                          • Opcode ID: 84cc1ef8d08a74648e49299eefb5f22073aa957ae4a4092afed5da839c45f715
                                                                                                                                                                                                                                                                                          • Instruction ID: c6e8234c1d4b6e0ef99598e998ad36802638a9a190aaa2bd7459f070bf199d51
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84cc1ef8d08a74648e49299eefb5f22073aa957ae4a4092afed5da839c45f715
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9841B471900514BACF107BA5CD45DAF3A79EF05368F20423FF422B10E1DA3C86919A6E

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                          control_flow_graph 627 406624-406644 GetSystemDirectoryW 628 406646 627->628 629 406648-40664a 627->629 628->629 630 40665b-40665d 629->630 631 40664c-406655 629->631 633 40665e-406691 wsprintfW LoadLibraryExW 630->633 631->630 632 406657-406659 631->632 632->633
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                                                                          • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                                                                                          • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                                                                                          • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                                                                                                                                                                                                                          • Instruction ID: 9fa172bba6ca99a644905d2b6d7ed641771312ed853c50fe9922007c80c3d461
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7CF0FC70501119A6CF10BB64DD0EF9B365CA700304F10447AA54AF10D1EBB9DB64CB99

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                          control_flow_graph 634 403116-40312d 635 403136-40313f 634->635 636 40312f 634->636 637 403141 635->637 638 403148-40314d 635->638 636->635 637->638 639 40315d-40316a call 403331 638->639 640 40314f-403158 call 403347 638->640 644 403170-403174 639->644 645 40331f 639->645 640->639 646 4032ca-4032cc 644->646 647 40317a-4031c3 GetTickCount 644->647 648 403321-403322 645->648 649 40330c-40330f 646->649 650 4032ce-4032d1 646->650 651 403327 647->651 652 4031c9-4031d1 647->652 653 40332a-40332e 648->653 657 403311 649->657 658 403314-40331d call 403331 649->658 650->651 654 4032d3 650->654 651->653 655 4031d3 652->655 656 4031d6-4031e4 call 403331 652->656 659 4032d6-4032dc 654->659 655->656 656->645 668 4031ea-4031f3 656->668 657->658 658->645 666 403324 658->666 663 4032e0-4032ee call 403331 659->663 664 4032de 659->664 663->645 671 4032f0-4032f5 call 405e62 663->671 664->663 666->651 670 4031f9-403219 call 4067f5 668->670 676 4032c2-4032c4 670->676 677 40321f-403232 GetTickCount 670->677 675 4032fa-4032fc 671->675 678 4032c6-4032c8 675->678 679 4032fe-403308 675->679 676->648 680 403234-40323c 677->680 681 40327d-40327f 677->681 678->648 679->659 684 40330a 679->684 685 403244-40327a MulDiv wsprintfW call 405322 680->685 686 40323e-403242 680->686 682 403281-403285 681->682 683 4032b6-4032ba 681->683 688 403287-40328e call 405e62 682->688 689 40329c-4032a7 682->689 683->652 690 4032c0 683->690 684->651 685->681 686->681 686->685 694 403293-403295 688->694 693 4032aa-4032ae 689->693 690->651 693->670 695 4032b4 693->695 694->678 696 403297-40329a 694->696 695->651 696->693
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CountTick$wsprintf
                                                                                                                                                                                                                                                                                          • String ID: ... %d%%
                                                                                                                                                                                                                                                                                          • API String ID: 551687249-2449383134
                                                                                                                                                                                                                                                                                          • Opcode ID: 791be84a4dbf0ce6e2b89685bbb0426d8c944effbebd544c9fcf1485a6d681ca
                                                                                                                                                                                                                                                                                          • Instruction ID: f437ad28db75119c3a693f92e670aa5c34007c7df9fe8e0debaece40423bbb79
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 791be84a4dbf0ce6e2b89685bbb0426d8c944effbebd544c9fcf1485a6d681ca
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D517D71900219DBDB10DF66EA44AAE7BB8AB04356F54417FEC14B72C0CB388A51CBA9

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                          control_flow_graph 697 401c1f-401c3f call 402c1f * 2 702 401c41-401c48 call 402c41 697->702 703 401c4b-401c4f 697->703 702->703 704 401c51-401c58 call 402c41 703->704 705 401c5b-401c61 703->705 704->705 708 401c63-401c7f call 402c1f * 2 705->708 709 401caf-401cd9 call 402c41 * 2 FindWindowExW 705->709 721 401c81-401c9d SendMessageTimeoutW 708->721 722 401c9f-401cad SendMessageW 708->722 720 401cdf 709->720 723 401ce2-401ce5 720->723 721->723 722->720 724 402ac5-402ad4 723->724 725 401ceb 723->725 725->724
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                          • String ID: !
                                                                                                                                                                                                                                                                                          • API String ID: 1777923405-2657877971

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                          control_flow_graph 728 4023e4-402415 call 402c41 * 2 call 402cd1 735 402ac5-402ad4 728->735 736 40241b-402425 728->736 737 402427-402434 call 402c41 lstrlenW 736->737 738 402438-40243b 736->738 737->738 740 40243d-40244e call 402c1f 738->740 741 40244f-402452 738->741 740->741 745 402463-402477 RegSetValueExW 741->745 746 402454-40245e call 403116 741->746 750 402479 745->750 751 40247c-40255d RegCloseKey 745->751 746->745 750->751 751->735
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsv7F40.tmp,00000023,00000011,00000002), ref: 0040242F
                                                                                                                                                                                                                                                                                          • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsv7F40.tmp,00000000,00000011,00000002), ref: 0040246F
                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsv7F40.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CloseValuelstrlen
                                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp
                                                                                                                                                                                                                                                                                          • API String ID: 2655323295-1308027579

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                          control_flow_graph 753 4057f1-40583c CreateDirectoryW 754 405842-40584f GetLastError 753->754 755 40583e-405840 753->755 756 405869-40586b 754->756 757 405851-405865 SetFileSecurityW 754->757 755->756 757->755 758 405867 GetLastError 757->758 758->756
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405848
                                                                                                                                                                                                                                                                                          • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040585D
                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405867
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3449924974-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 817c7eeb2e6ade2cce28f3b9d2e4670c9c7091e2f59c9eba6f9578a5288f1365
                                                                                                                                                                                                                                                                                          • Instruction ID: d156970015101e62572267df52bf1fb018b172c5ebb67f048bc3511340661aba
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 817c7eeb2e6ade2cce28f3b9d2e4670c9c7091e2f59c9eba6f9578a5288f1365
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB010872D00219EADF009FA1C944BEFBBB8EF14304F00803AE945B6280D7789618CFA9

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                          control_flow_graph 759 405c97-405cb2 call 4062ba call 405c3a 764 405cb4-405cb6 759->764 765 405cb8-405cc5 call 40654e 759->765 766 405d10-405d12 764->766 769 405cd5-405cd9 765->769 770 405cc7-405ccd 765->770 772 405cef-405cf8 lstrlenW 769->772 770->764 771 405ccf-405cd3 770->771 771->764 771->769 773 405cfa-405d0e call 405b8f GetFileAttributesW 772->773 774 405cdb-405ce2 call 4065fd 772->774 773->766 779 405ce4-405ce7 774->779 780 405ce9-405cea call 405bdb 774->780 779->764 779->780 780->772
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                            • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(?,?,C:\,?,00405CAE,C:\,C:\,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405C48
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405CF0
                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420), ref: 00405D00
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                                                          • String ID: C:\
                                                                                                                                                                                                                                                                                          • API String ID: 3248276644-3404278061
                                                                                                                                                                                                                                                                                          • Opcode ID: 1236b3014a845ece28ca986cac263987dd07c4e4a123605a37d0802bd6a8cdf3
                                                                                                                                                                                                                                                                                          • Instruction ID: 4e01e145a0ed536ad24acc563e8a85444835dd946e40d448b56664b374cc0476
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1236b3014a845ece28ca986cac263987dd07c4e4a123605a37d0802bd6a8cdf3
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21F0F43500DF6125F626333A1C45AAF2555CE82328B6A057FFC62B12D2DA3C89539D7E

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                          control_flow_graph 782 405ddf-405deb 783 405dec-405e20 GetTickCount GetTempFileNameW 782->783 784 405e22-405e24 783->784 785 405e2f-405e31 783->785 784->783 786 405e26 784->786 787 405e29-405e2c 785->787 786->787
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00405DFD
                                                                                                                                                                                                                                                                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,004CB000,0040338D,004DB000,004DF000,004DF000,004DF000,004DF000,004DF000,74DF3420,004035D9), ref: 00405E18
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                          • String ID: nsa
                                                                                                                                                                                                                                                                                          • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                                          • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                                                                                                                          • Instruction ID: af8b6ba947558e1b0daa3aed001b6e0f80e178ffca66ecedc63f3e0829e9a41e
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61F03076A00304FBEB009F69ED05E9FB7BCEB95710F10803AE941E7250E6B09A548B64
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040205D
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,0040327A,0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,00000000,0042CE00,74DF23A0), ref: 0040537D
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\), ref: 0040538F
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020EB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 334405425-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GlobalFree.KERNELBASE(00889740), ref: 00401BE7
                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00004004), ref: 00401BF9
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Global$AllocFree
                                                                                                                                                                                                                                                                                          • String ID: ExecShellAsUser
                                                                                                                                                                                                                                                                                          • API String ID: 3394109436-869331269
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                            • Part of subcall function 004065FD: FindFirstFileW.KERNELBASE(004DF000,00468298,C:\,00405CE0,C:\,C:\,00000000,C:\,C:\,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420), ref: 00406608
                                                                                                                                                                                                                                                                                            • Part of subcall function 004065FD: FindClose.KERNEL32(00000000), ref: 00406614
                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32 ref: 00402299
                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00000000), ref: 004022A4
                                                                                                                                                                                                                                                                                          • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004022CD
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1994380140.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1994380140.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1997536649.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1486964399-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 29d6f0bed4bd2d50b69dd1226e545e03bb95794d8620927361660d91590f24b0
                                                                                                                                                                                                                                                                                          • Instruction ID: edc96df04b91ed766a503f65766f364d086ea8d205cfe5bb15309c141496b913
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29d6f0bed4bd2d50b69dd1226e545e03bb95794d8620927361660d91590f24b0
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 57117071900318A6DB10EFF98E4999EB7B8AF04344F50443FB805F72D1D6B8C4419B59
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405D8B: GetFileAttributesW.KERNELBASE(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405D8B: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405DA4
                                                                                                                                                                                                                                                                                          • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405B66), ref: 0040599F
                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(?,?,?,00000000,00405B66), ref: 004059A7
                                                                                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 004059BF
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1655745494-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                                                                                                                          • Instruction ID: 825022a906987a8d14f11fb4079f6fb6242afe5a54bc5f1377d2c32e3c215ab4
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1E0E5B1119F5096D21067349A0CB5B2AA4DF86334F05093AF891F11C0DB3844068EBE
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(?,?,C:\,?,00405CAE,C:\,C:\,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405C48
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                                                                                            • Part of subcall function 004057F1: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                                                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNELBASE(?,004D3000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1892508949-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 125bac33416d21a80fc522b842b933099275dd0dd1ea66691da55d5ffdcd1f5d
                                                                                                                                                                                                                                                                                          • Instruction ID: 536d45c59d08a7b21130d9dbd5b0e10796a041e4a40079992e14d28e29d42f71
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 125bac33416d21a80fc522b842b933099275dd0dd1ea66691da55d5ffdcd1f5d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2211E231504505EBCF30AFA1CD0159F36A0EF14369B28493BFA45B22F1DB3E8A919B5E
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B5
                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsv7F40.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3356406503-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 8c6ae37f0c00b40db9a7f0b8771259aad396ca2ebfe9c6ecab15c5ec5bd387db
                                                                                                                                                                                                                                                                                          • Instruction ID: 1206e07bb255176646816810ef0290bee69920d7ecde6c9ccbb84b14c6b4306b
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c6ae37f0c00b40db9a7f0b8771259aad396ca2ebfe9c6ecab15c5ec5bd387db
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E311A771D10205EBDF14DFA4CA585AE77B4EF44348B20843FE505B72C0D6B89A41EB5E
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                          • Opcode ID: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                                                                                                                          • Instruction ID: ea42f58d7670a619ed9131e80823b54190387dbc53765a55c310ef4228f9fff3
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF0128316202109BE7095B789E04B2A3798E710315F10463FF855F62F1D6B8CC829B5C
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 00405405
                                                                                                                                                                                                                                                                                            • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                                                                                          • CoUninitialize.COMBASE(00000404,00000000), ref: 00405451
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2896919175-0
                                                                                                                                                                                                                                                                                          • Opcode ID: a1f8c397b5266fa352d60afbf9b4c77fa9abc53c67a054b05b22dcb893a39c3f
                                                                                                                                                                                                                                                                                          • Instruction ID: 7813e2a1ccdf537c56c01956b79198a0443dbd649336f33e6835a7e221d2fb99
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1f8c397b5266fa352d60afbf9b4c77fa9abc53c67a054b05b22dcb893a39c3f
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ABF090B25406009BE7015B549D01BAB7760EFD431AF05443EFF89B22E0D77948928E6E
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000000), ref: 00401E67
                                                                                                                                                                                                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 00401E72
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Window$EnableShow
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1136574915-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 87f8232cb56b7a5d6ce9856bfa50bd061077f9975d19b3a51d23438555d97d86
                                                                                                                                                                                                                                                                                          • Instruction ID: fc8c1c2e7d4a5a8f9e35cd12a8e681b154a8316ed36a6d041aa31def844ca7e2
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87f8232cb56b7a5d6ce9856bfa50bd061077f9975d19b3a51d23438555d97d86
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61E01A72E082008FE724ABA5AA495AD77B4EB90365B20847FE211F11D1DA7858819F6A
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                                                                                                                            • Part of subcall function 00406624: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                                                                                                                            • Part of subcall function 00406624: wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                                                                                                                            • Part of subcall function 00406624: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2547128583-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 2c450699f5e5c6ed5e41876474a170b73f17b01a65d70064c3ee9ca103cb2d45
                                                                                                                                                                                                                                                                                          • Instruction ID: 155b38c425e345f43688a0673e138072f65e923c2ca09dacbbabb210d44f0fbf
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c450699f5e5c6ed5e41876474a170b73f17b01a65d70064c3ee9ca103cb2d45
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50E0863250461156D31197709E4487762EC9B95750307483EF946F2091DB399C36A66D
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • FreeLibrary.KERNELBASE(?,004DF000,00000000,74DF3420,004038ED,00403703,00000006,?,00000006,00000008,0000000A), ref: 0040392F
                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00403936
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1100898210-0
                                                                                                                                                                                                                                                                                          • Opcode ID: bd7b370b1f223a5589d226506ef49f546026ce3eccc4315b581019b2d362f361
                                                                                                                                                                                                                                                                                          • Instruction ID: 228f896298dd83b048f64e6024dd5859bf02c68f9830d759f3998b57695c5827
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd7b370b1f223a5589d226506ef49f546026ce3eccc4315b581019b2d362f361
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12E0C2334122205BC6215F04ED08B5A776CAF49B32F15407AFA807B2A087B81C928FC8
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                          • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                                                                                                                                                                          • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                                                                                                                          • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405DA4
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                          • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                                                                                                          • Instruction ID: fe430eedc911e7c92ce83e5abbc00e08444bb0e311ec0623c818608bfa408f6d
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BD0C972504420ABD2512728AF0C89BBB95DB542717028B39FAA9A22B0CB304C568A98
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(FFFFFFFF,00403703,00000006,?,00000006,00000008,0000000A), ref: 004038DB
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\, xrefs: 004038EF
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\
                                                                                                                                                                                                                                                                                          • API String ID: 2962429428-3961614012
                                                                                                                                                                                                                                                                                          • Opcode ID: 6cd6e50f5f17456ee504dea1d279a22ffa05636b30f87aa31bf8984a95f31d7c
                                                                                                                                                                                                                                                                                          • Instruction ID: f79f1cdd038f729e9031bf35a7c7ad7adb8aafebcc14ea038f42f7e62efb972e
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6cd6e50f5f17456ee504dea1d279a22ffa05636b30f87aa31bf8984a95f31d7c
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69C0127054070496C1206F759D4F6193E54AB8173BB604776B0B8B10F1C77C4B59595E
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00403382,004DF000,004DF000,004DF000,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 00405874
                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405882
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1375471231-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                                                                                                                                                                          • Instruction ID: b5712d1dc6f90c91938fb9970759bfac189bcafefc635788875416fd9ee2894b
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FC04C712155019ED7546F619F08B277A50EB60781F158839A946E10E0DB348465ED2D
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 0040617E
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Create
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2289755597-0
                                                                                                                                                                                                                                                                                          • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                                                                                                                                                          • Instruction ID: dcb86bc894ab99bc20e37dc8a6176b737b641c0fdee4176656c7f25b47436c56
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75E0E6B2110109BEEF195F50DD0AD7B375DE704304F01452EFA06D4091E6B5AD315634
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032FA,000000FF,00428200,?,00428200,?,?,00000004,00000000), ref: 00405E76
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                                                                                                          • Instruction ID: 8754e0b6f25d564075f0081c534dd79b85a2df0f0bc88b3642164a4a3ec1e455
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FDE0B63221065AAFDF109F95DC00AAB7B6CEB052A0F044437FD59E7150D671EA21DAE4
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403344,00000000,00000000,00403168,?,00000004,00000000,00000000,00000000), ref: 00405E47
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                                                                                                          • Instruction ID: bd732019988057c431ec21c3a2c50b1292625b962aa4d7912315599e48db2a91
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9E08C3220021AABCF20AF54DC00FEB3B6CEB05760F004832FD65E6040E230EA219BE8
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,004061B5,?,00000000,?,?,Remove folder: ,?), ref: 0040614B
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Open
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 71445658-0
                                                                                                                                                                                                                                                                                          • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                                                                                                                          • Instruction ID: b908bd292ce434c6339c018d18c1e3bfafdd2f7559b63d477f04a141d62eba1a
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94D0123214020DFBDF119E909D01FAB775DAB08350F014426FE06A9191D776D530AB14
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,?,00000000), ref: 0040424B
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: ItemText
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3367045223-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 00403355
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 916ba585e608d634958797641490031ceb4b368d387894d1e0aab50b7c43ae9e
                                                                                                                                                                                                                                                                                          • Instruction ID: 80b1fa8ab317a3fb83bf0bb9afc1fcb2ede285a6b5c9b7890d3d6fe7da01b763
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 916ba585e608d634958797641490031ceb4b368d387894d1e0aab50b7c43ae9e
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69B092361C4600AAEE118B50DE49F497A62E7A4702F008138B244640B0CAB200E0DB09
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,0040402A), ref: 0040425D
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                          • Opcode ID: ea082ecd867c03a11dfd78164402b3a9c9d6e2ba96aa803d9d5c73deeff3904d
                                                                                                                                                                                                                                                                                          • Instruction ID: 6a6b83ba7992c3eb947fe44f0607646ae594aefa1fc7371f7d6a783f6fb0b7b0
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea082ecd867c03a11dfd78164402b3a9c9d6e2ba96aa803d9d5c73deeff3904d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4EA002754445019BCF015B50DF098057A61F7A4701B114479B5555103596314860EB19
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404CB6
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 00404CC1
                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D0B
                                                                                                                                                                                                                                                                                          • LoadBitmapW.USER32(0000006E), ref: 00404D1E
                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,00405296), ref: 00404D37
                                                                                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D4B
                                                                                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D5D
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404D73
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D7F
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D91
                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00404D94
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404DBF
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404DCB
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E61
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E8C
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EA0
                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404ECF
                                                                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EDD
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404EEE
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FEB
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405050
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405065
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405089
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004050A9
                                                                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 004050BE
                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 004050CE
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405147
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 004051F0
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051FF
                                                                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 0040521F
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 0040526D
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 00405278
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 0040527F
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                          • String ID: $M$N
                                                                                                                                                                                                                                                                                          • API String ID: 1638840714-813528018
                                                                                                                                                                                                                                                                                          • Opcode ID: 21818fa51d6b588aeca07265a4b81a3a3b935111f3ce34767c97606af49217ff
                                                                                                                                                                                                                                                                                          • Instruction ID: 350e9793ba1948ff1935c4af006ad7833f39553502bf8ecbcf91bc97059cc7bb
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 21818fa51d6b588aeca07265a4b81a3a3b935111f3ce34767c97606af49217ff
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C0281B0900209AFDB10DFA4DD85AAE7BB5FB44314F10417AF614BA2E1C7799D92CF58
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404771
                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 0040479B
                                                                                                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040484C
                                                                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404857
                                                                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(Remove folder: ,00450248,00000000,?,?), ref: 00404889
                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404895
                                                                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004048A7
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405904: GetDlgItemTextW.USER32(?,?,00002000,004048DE), ref: 00405917
                                                                                                                                                                                                                                                                                            • Part of subcall function 0040654E: CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                                                                                                                            • Part of subcall function 0040654E: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                                                                                                                            • Part of subcall function 0040654E: CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                                                                                                                            • Part of subcall function 0040654E: CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(00440218,?,?,0000040F,?,00440218,00440218,?,00000001,00440218,?,?,000003FB,?), ref: 0040496A
                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404985
                                                                                                                                                                                                                                                                                            • Part of subcall function 00404ADE: lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                                                                                                                            • Part of subcall function 00404ADE: wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                                                                                                                            • Part of subcall function 00404ADE: SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                          • String ID: A$Remove folder:
                                                                                                                                                                                                                                                                                          • API String ID: 2624150263-1936035403
                                                                                                                                                                                                                                                                                          • Opcode ID: d9ff5aa2ff53ffbe0c3723e23dc604a8a31f393e15f5d8e1a009d79f52351d08
                                                                                                                                                                                                                                                                                          • Instruction ID: aec38ac33e169681c2ce75898e964705c21f391e9d8eef84a8e49708370a7c65
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9ff5aa2ff53ffbe0c3723e23dc604a8a31f393e15f5d8e1a009d79f52351d08
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CA173B1900208ABDB11AFA5CD45AAF77B8EF84314F10847BF605B62D1D77C99418F6D
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402877
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 54b460b755f9bf27e46ac1d39a8a1124328dc74cebdc85c095498b08f8838b6a
                                                                                                                                                                                                                                                                                          • Instruction ID: 11d43fc069a5ea90b0fea77c2c23c6da8a8dfc92bb9fdb714ff4c9b8b345b962
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54b460b755f9bf27e46ac1d39a8a1124328dc74cebdc85c095498b08f8838b6a
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9BF08271A14104EFDB00EBA4DA499ADB378EF04314F6045BBF515F21D1DBB45D909B2A
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                                                                                                                          • Instruction ID: 703def0becceeecb9d8561ea32c53bcab4b84ebc773a8a1d0b412cad538f794c
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EE1797190470ADFDB24CF99C880BAAB7F5FF44305F15852EE497A7291E378AA91CB04
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                                          • Opcode ID: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                                                                                                                          • Instruction ID: 59779062152899835760f0dc2f5c49596223a290c6efd11eddd93cbc7c663e45
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FC15831E04219DBDF18CF68C8905EEBBB2BF88314F25866AC85677380D734A942CF95
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040448E
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004044A2
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004044BF
                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 004044D0
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044DE
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044EC
                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 004044F1
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044FE
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404513
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,0000040A), ref: 0040456C
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000), ref: 00404573
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 0040459E
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045E1
                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 004045EF
                                                                                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 004045F2
                                                                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0040460B
                                                                                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 0040460E
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040463D
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040464F
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                                                                                          • String ID: N$Remove folder: $gC@
                                                                                                                                                                                                                                                                                          • API String ID: 3103080414-3559505530
                                                                                                                                                                                                                                                                                          • Opcode ID: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                                                                                                                          • Instruction ID: 3402c350d7270d9961c63d8365249516a5ebc70a9ec23ab72cb453283ebd69b0
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7761BEB1900209BFDB009F60DD85EAA7B69FB85305F00843AF705B62D0D77D9961CF99
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                                                          • DrawTextW.USER32(00000000,00472EE0,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                          • String ID: F
                                                                                                                                                                                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                          • Opcode ID: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                                                                                                                          • Instruction ID: 4eb8147a30471c2b969484520d7d1b1c24976f3a1718a772f7b725b3b94c1b26
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C418A71800249AFCF058FA5DE459AF7BB9FF44314F00842AF991AA1A0C778D954DFA4
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004060A1,?,?), ref: 00405F41
                                                                                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(?,004688E8,00000400), ref: 00405F4A
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(?,004690E8,00000400), ref: 00405F67
                                                                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00405F85
                                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,004690E8,C0000000,00000004,004690E8,?,?,?,?,?), ref: 00405FC0
                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405FCF
                                                                                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406007
                                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004684E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040605D
                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0040606E
                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406075
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                                                                          • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                                                                                          • API String ID: 2171350718-461813615
                                                                                                                                                                                                                                                                                          • Opcode ID: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                                                                                                                          • Instruction ID: 1ccef14564d3a4e3590f6d96bf23d62cdd24cd7414a0bd79904b9c13782922cd
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08312530641B05BBC220AB659D48F6B3AACDF45744F15003FFA42F72C2EB7C98118AAD
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,0040327A,0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,00000000,0042CE00,74DF23A0), ref: 0040537D
                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\), ref: 0040538F
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                                                                          • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\
                                                                                                                                                                                                                                                                                          • API String ID: 2531174081-1303993628
                                                                                                                                                                                                                                                                                          • Opcode ID: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                                                                                                                          • Instruction ID: c4a8b4fbc7344707c8dcd13f789004ac01d88f238d1262f53b2d1dabcf784db2
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F21A171900518BBCB11AFA5DD849CFBFB9EF45350F10807AF904B62A0C7B94A80DFA8
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 004042B5
                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(00000000), ref: 004042F3
                                                                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 004042FF
                                                                                                                                                                                                                                                                                          • SetBkMode.GDI32(?,?), ref: 0040430B
                                                                                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 0040431E
                                                                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 0040432E
                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00404348
                                                                                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 00404352
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                          • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                                                                                                          • Instruction ID: a3c6a1d12b74a4a342abaca89036a15a37f51972f1e3113ed1cbee018e9c0b42
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 772156716007059BC724DF78D948B5B77F4AF81710B04893DED96A26E0D734E544CB54
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                                                                                                                                                                                                                            • Part of subcall function 00405E91: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405EA7
                                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                                                                          • String ID: 9
                                                                                                                                                                                                                                                                                          • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                                                                          • Opcode ID: 14dc679b194e2ee8669cd1598f353bf1a997ac59cdf020ac1a3b5a5ea93b2031
                                                                                                                                                                                                                                                                                          • Instruction ID: 75c70889326ed48cf653b65eedce39ba48716a77e36bbd16e72a3e0392bfe49c
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14dc679b194e2ee8669cd1598f353bf1a997ac59cdf020ac1a3b5a5ea93b2031
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C511975D00219AEDF219F95DA88AAEB779FF04304F10443BE901B72D0DBB89982CB58
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404C07
                                                                                                                                                                                                                                                                                          • GetMessagePos.USER32 ref: 00404C0F
                                                                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00404C29
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C3B
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C61
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                          • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                                                                                                          • Instruction ID: 457ccdd811883e010b73e4973708530e0d9e00004b69c5e73a61d7a3cd07de8f
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF015271900218BAEB10DBA4DD85BFEBBBCAF95711F10412BBA50B71D0D7B499018BA4
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetDC.USER32(?), ref: 00401DBC
                                                                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(0041E5D0), ref: 00401E3E
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                                                                                          • String ID: MS Shell Dlg
                                                                                                                                                                                                                                                                                          • API String ID: 3808545654-76309092
                                                                                                                                                                                                                                                                                          • Opcode ID: 0e1e500c30e805fc948415589c08143fac03f34b0e69f739ebe91b2620e6c296
                                                                                                                                                                                                                                                                                          • Instruction ID: 2f87ef527a079fcd98b3174ff93e15f92fad6858fb92d4176ae60913c966d855
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e1e500c30e805fc948415589c08143fac03f34b0e69f739ebe91b2620e6c296
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A01B575604240BFE700ABF1AE0ABDD7FB5AB55309F10887DF641B61E2DA7840458B2D
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                                                                                                                                                                                                                                          • MulDiv.KERNEL32(053AB35D,00000064,053AB361), ref: 00402E3C
                                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00402E4C
                                                                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          • verifying installer: %d%%, xrefs: 00402E46
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                          • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                          • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                          • Opcode ID: 087799c81dd47644162d60d698aafe3a885b0c6ac9c219555e2ca42e9c1670eb
                                                                                                                                                                                                                                                                                          • Instruction ID: dfd142ddc65d39fdaa73b229a9921dc7c235b7e072e3123d651e00bd55f03bcf
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 087799c81dd47644162d60d698aafe3a885b0c6ac9c219555e2ca42e9c1670eb
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60014F7164020CABEF209F60DE49FAE3B69AB44304F008439FA06B51E0DBB895558B98
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2667972263-0
                                                                                                                                                                                                                                                                                          • Opcode ID: ff87bf99e36aab27b6384dee017154e4bdeff7ac382f3b09721b2446f84e6f42
                                                                                                                                                                                                                                                                                          • Instruction ID: 85d8fb478e53a7d33050a02afe9876517184a336e4e72b82bbd0c3cba42884f9
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff87bf99e36aab27b6384dee017154e4bdeff7ac382f3b09721b2446f84e6f42
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D121AEB1800128BBDF116FA5DE89DDE7E79EF08364F14423AF960762E0CB794C418B98
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                                                                                                                          • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                                                                                                                          • CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                                                                                                                          • CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                          • String ID: *?|<>/":
                                                                                                                                                                                                                                                                                          • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                                          • Opcode ID: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                                                                                                                          • Instruction ID: 36fae6fd7d65e337959ab81909abbfc549fe516cf0b4c9ff473ab524d2c4c229
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B611B65580061279DB302B14BC40EB762F8EF54764F56403FED86732C8EBBC5C9292AD
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsv7F40.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\StdUtils.dll,00002000,?,?,00000021), ref: 004025E8
                                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\StdUtils.dll,?,?,C:\Users\user\AppData\Local\Temp\nsv7F40.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\StdUtils.dll,00002000,?,?,00000021), ref: 004025F3
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp$C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\StdUtils.dll
                                                                                                                                                                                                                                                                                          • API String ID: 3109718747-746797268
                                                                                                                                                                                                                                                                                          • Opcode ID: 991fae946bdf019a7c315e2a20c045ecd4589044c4e58f1009f440a7fe048d5b
                                                                                                                                                                                                                                                                                          • Instruction ID: b23dc685b5da5394ac89c8ab13f2cbf985e24fd8d9932a4f5164fd221fdd45c5
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 991fae946bdf019a7c315e2a20c045ecd4589044c4e58f1009f440a7fe048d5b
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76110B72A04201BADB146FF18E89A9F76659F44398F204C3FF102F61D1EAFC89415B5D
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                                                                                                                                                                                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                          • Opcode ID: aa13740a01abf0a12383255fbb6bacfc07128faef757ca7dce2eb0223a04ec7c
                                                                                                                                                                                                                                                                                          • Instruction ID: d9fd13ec482603559a9c09f77eb5ae76b99fbdc016b4c624d38ebcad95bf5f4c
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa13740a01abf0a12383255fbb6bacfc07128faef757ca7dce2eb0223a04ec7c
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28F0FF72A04518AFDB01DBE4DF88CEEB7BCEB48341B14047AF641F61A0CA749D519B78
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                          • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                          • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                          • Opcode ID: c75ab1504dd8104253bdc04bf71218fd338cad173e8ef5afb4fab122f1cee964
                                                                                                                                                                                                                                                                                          • Instruction ID: 65d6ef813479b3ccfd969ec0db039784a4d8c6b5967a53089d3579ec78c560c8
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c75ab1504dd8104253bdc04bf71218fd338cad173e8ef5afb4fab122f1cee964
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 401193736041282ADB00656D9C45F9E369C9B85334F25423BFA65F21D1E979D82582E8
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CharNextW.USER32(?,?,C:\,?,00405CAE,C:\,C:\,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405C48
                                                                                                                                                                                                                                                                                          • CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                                                                                                          • CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1994380140.00000000004FF000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1994380140.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.1997536649.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CharNext
                                                                                                                                                                                                                                                                                          • String ID: C:\
                                                                                                                                                                                                                                                                                          • API String ID: 3213498283-3404278061
                                                                                                                                                                                                                                                                                          • Opcode ID: 92222cf075acf2fbc044c76267536a24963eff6ee4d7f8d65295f56b9dd724d0
                                                                                                                                                                                                                                                                                          • Instruction ID: 75375947fb2108fa8988f35f37760ff259c71c6e50658764317197b9124938a5
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92222cf075acf2fbc044c76267536a24963eff6ee4d7f8d65295f56b9dd724d0
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DAF0BB61908F1199FB3177644C49E7B66BCDB55350B04853FD641B71C0D7F84C818BD9
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Close$Enum
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 464197530-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 783bf1924eaceae6677feedcc5031a151434ee63f91e097ea153fa5b1c868383
                                                                                                                                                                                                                                                                                          • Instruction ID: fc7ade2e12cd9e993d25f9a328d8db16c9603ee1eb20de8c24b8f84b94a82c23
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 783bf1924eaceae6677feedcc5031a151434ee63f91e097ea153fa5b1c868383
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4116A32500109FBDF02AB90CE09FEE7B7DAF54340F100076B904B51E1E7B59E21AB68
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402EAA
                                                                                                                                                                                                                                                                                          • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                                                                                                                          • Instruction ID: 9c0cd9c85579b1f1539786df4f617efd254904ce91a486f6a135d178cfad0ab8
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AF05E30485630EBD6506B20FE0CACB7BA5FB84B41B0149BAF005B11E4D7B85880CBDC
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 004052C5
                                                                                                                                                                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 00405316
                                                                                                                                                                                                                                                                                            • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                          • Opcode ID: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                                                                                                                          • Instruction ID: 334c9fee3abb3f39d596823d3a3537c7effd0098edc8ca0b3d981ed7cb288a41
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9015A31100709ABEB205F51DD94A9B3B26EB84795F20507AFA007A1D1D7BA9C919E2E
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00004000,00000002,?,00000000,?,?,Remove folder: ,?,?,004063FC,80000002), ref: 004061CE
                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,004063FC,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\), ref: 004061D9
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                                          • String ID: Remove folder:
                                                                                                                                                                                                                                                                                          • API String ID: 3356406503-1958208860
                                                                                                                                                                                                                                                                                          • Opcode ID: caab4bc250bb6a278ef1a8ac262e6d4f4be946af9bdb02c3b8c6b2633afb5ee1
                                                                                                                                                                                                                                                                                          • Instruction ID: 8659262355d6ebf2290daf59b07b2549fc881bd87fa0bb5ea6267207f8cb0b09
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: caab4bc250bb6a278ef1a8ac262e6d4f4be946af9bdb02c3b8c6b2633afb5ee1
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68017C72500209EADF218F51DD09EDB3BB8EF55364F01403AFE16A61A1D378DA64EBA4
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00468250,Error launching installer), ref: 004058CC
                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 004058D9
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          • Error launching installer, xrefs: 004058B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                          • String ID: Error launching installer
                                                                                                                                                                                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                          • Opcode ID: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                                                                                                                          • Instruction ID: 30392a530fa928b09b8412afc6dc4f2cd20664ca8a9f97139eafb5a2ce14b88a
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33E09AB5540609BFEB009B64DD05F7B77ACEB04708F508565BD51F2150EB749C148A79
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D3D
                                                                                                                                                                                                                                                                                          • CharNextA.USER32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                                                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.1994281619.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Yoranis Setup.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                                                                                                                          • Instruction ID: cc601e2af81a4130f3690bf6756e9ae730db34a97aa71f580e1783f9e5236296
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DF0F631200818FFC7129FA4DD049AFBBA8EF06354B2580BAE840F7211D634DE02AF98