Windows Analysis Report
Yoranis Setup.exe

Overview

General Information

Sample name: Yoranis Setup.exe
Analysis ID: 1584251
MD5: b3cbd672cb20b2112488d26a6b325e69
SHA1: c752f280a123a30177ba1e17d770bead2c0644a9
SHA256: 9bdec941d05ba0c0f365e2198600914d6001745cf554b8e6673d5045b7f6205d

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Drops large PE files
Excessive usage of taskkill to terminate processes
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64native
  • Yoranis Setup.exe (PID: 7308 cmdline: "C:\Users\user\Desktop\Yoranis Setup.exe" MD5: B3CBD672CB20B2112488D26A6B325E69)
    • cmd.exe (PID: 8056 cmdline: "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 2700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 3656 cmdline: tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • find.exe (PID: 1796 cmdline: "C:\Windows\system32\find.exe" "YoransSetup.exe" MD5: 31D06677CD9ACA84EA2E2E8E3BF22D65)
  • YoransSetup.exe (PID: 7488 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" MD5: 19A61DB800E68F1BCB442D9B2531E6BC)
    • cmd.exe (PID: 3392 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6588 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • YoransSetup.exe (PID: 4672 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 19A61DB800E68F1BCB442D9B2531E6BC)
    • cmd.exe (PID: 4592 cmdline: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • curl.exe (PID: 4840 cmdline: curl http://api.ipify.org/ --ssl-no-revoke MD5: 1C3645EBDDBE2DA6A32A5F9FB43A3C23)
    • cmd.exe (PID: 1504 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 3664 cmdline: wmic bios get smbiosbiosversion MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
    • cmd.exe (PID: 900 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 3960 cmdline: wmic MemoryChip get /format:list MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
      • find.exe (PID: 6000 cmdline: find /i "Speed" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
    • YoransSetup.exe (PID: 7280 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 19A61DB800E68F1BCB442D9B2531E6BC)
    • cmd.exe (PID: 564 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 1648 cmdline: wmic path win32_VideoController get name MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
    • cmd.exe (PID: 6464 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 5652 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 6592 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5672 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6704 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7332 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4424 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4916 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7592 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 1608 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3348 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5440 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2556 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4632 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7852 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7456 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7764 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7564 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7328 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4840 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5480 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4912 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5368 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 816 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 572 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4132 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6880 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6532 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6000 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 2476 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1820 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5072 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5652 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 3692 cmdline: tasklist /FI "IMAGENAME eq msedge.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 6464 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 3644 cmdline: tasklist /FI "IMAGENAME eq firefox.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 5816 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 2504 cmdline: tasklist /FI "IMAGENAME eq chrome.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 4432 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 7748 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 1652 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 552 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 6604 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5540 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8172 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 1920 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5964 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 2556 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1260 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 8060 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4320 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7328 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5440 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4608 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3412 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7444 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 284 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 1476 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4472 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 2040 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3544 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6060 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4400 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4728 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1740 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6204 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 572 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 3528 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5992 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 8012 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2708 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 1744 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • chrome.exe (PID: 8092 cmdline: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: BB7C48CDDDE076E7EB44022520F40F77)
    • cmd.exe (PID: 1472 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 4104 cmdline: tasklist /FI "IMAGENAME eq msedge.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7976 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6876 cmdline: tasklist /FI "IMAGENAME eq firefox.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 3260 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 4652 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 3128 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 5616 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 2096 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 2728 cmdline: tasklist /FI "IMAGENAME eq chrome.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7756 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6004 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • msedge.exe (PID: 4644 cmdline: "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)
      • msedge.exe (PID: 4960 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3448241921201964185,6892278070021911797,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2412 /prefetch:3 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)
    • cmd.exe (PID: 2940 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 3180 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 2040 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 7672 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7432 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6908 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8232 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8292 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8324 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 8380 cmdline: taskkill /IM Steam.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8412 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 8468 cmdline: taskkill /IM javaw.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8500 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8556 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8588 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8644 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8676 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8732 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8764 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8820 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8852 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8908 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe, ParentProcessId: 7488, ParentProcessName: YoransSetup.exe, ProcessCommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, ProcessId: 8092, ProcessName: chrome.exe
Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", CommandLine: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe, ParentProcessId: 7488, ParentProcessName: YoransSetup.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", ProcessId: 4592, ProcessName: cmd.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6464, ParentProcessName: cmd.exe, ProcessCommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, ProcessId: 5652, ProcessName: powershell.exe
No Suricata rule has matched

Source: Yoranis Setup.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Yoranis Setup.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b4a0680f-9ee1-57b1-adfd-e68812be32d6
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt
Source: Yoranis Setup.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\projects\src\out\Default\dxcompiler.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.330047764144.0000000007A01000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\locales
Source: C:\Users\user\Desktop\Yoranis Setup.exe, File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js
Source: Joe Sandbox View | IP Address: 9.9.9.9
Source: Joe Sandbox View | IP Address: 104.26.12.205
Source: Joe Sandbox View | IP Address: 143.244.215.221
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 Host: api.ipify.org User-Agent: curl/7.55.1 Accept: */*
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: global traffic | DNS traffic detected: DNS query: api.iwannaeatcats.com
Source: global traffic | DNS traffic detected: DNS query: api.gofile.io
Source: global traffic | DNS traffic detected: DNS query: file.io
Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic | DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic | DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic | DNS traffic detected: DNS query: assets.msn.com
Source: global traffic | DNS traffic detected: DNS query: api.msn.com
Source: global traffic | DNS traffic detected: DNS query: c.msn.com
Source: global traffic | DNS traffic detected: DNS query: dns.quad9.net
Source: global traffic | TCP traffic: 192.168.11.20:53645 -> 239.255.255.250:1900
Source: curl.exe, 0000000E.00000002.330302534079.00000201D98D0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000E.00000002.330302534079.00000201D98D7000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000E.00000002.330302717861.00000201D98EF000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000E.00000003.330301939739.00000201D98EF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://api.ipify.org/
Source: curl.exe, 0000000E.00000002.330302534079.00000201D98D7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://api.ipify.org/--ssl-no-revoke
Source: curl.exe, 0000000E.00000002.330302717861.00000201D98EF000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000E.00000003.330301939739.00000201D98EF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://api.ipify.org/j
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-fs
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-fs.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-stream
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-stream.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/marob)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mikeal/tunnel-agent
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mrvisser)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/msimerson)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nazar-pc)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/node4good/windows-autoconf
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/Release#release-schedule)).
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/TSC/blob/master/Moderation-Policy.md
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/gyp-next
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/gyp-next/archive/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#installation
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#installation)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#on-macos
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#on-windows
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1779
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1861
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1927
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/raw/master/macOS_Catalina_acid_test.sh
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/b3fcc245fb25539909ef1d5eaa01dbf92e168633/lib/path.js#L56
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/c8a04049/lib/internal/errors.js
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/master/CODE_OF_CONDUCT.md
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/v10.8.0/lib/internal/errors.js
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/8871#issuecomment-250915913
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/string_decoder
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/cacache
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/cli/blob/4c65cd952bc8627811735bea76b9b110cc4fc80e/lib/utils/ansi-trim.js
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/make-fetch-happen
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/minipass-fetch.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/move-file
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-semver.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-tar/blob/51b6627a1f357d2eb433e7378e5f05e83b7aa6cd/lib/header.js#L349
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-tar/issues/183
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-tar/pull/187
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/nopt.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/npmlog.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/ssri
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/wrappy
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ohler/ert
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/oliversalzburg)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pigulla)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ppollono)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/node-gyp-build
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/node-gyp-build.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/prebuild-install
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/prebuild-install.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/rebeccapeltz)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/feross
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/isaacs
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/sindresorhus
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/stingstrom)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tapjs/signal-exit
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tapjs/signal-exit.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tim-kos/node-retry
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/timgates42)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/troygoode/node-require-directory/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-coff
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-machine-type
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-machine-type-descriptor
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-signature
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-signature-offset
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/win-detect-browsers
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/windows-env
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/websockets/ws
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/websockets/ws.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/websockets/ws/issues/1202
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/websockets/ws/issues/1869.
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/websockets/ws/issues/1940.
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/wodka)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/set-blocking#readme
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/set-blocking.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/y18n
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/yargs#supported-nodejs-versions
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/yargs-parser#supported-nodejs-versions
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/yargs-parser.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/yargs.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/zkochan/packages/tree/main/which-pm-runs
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/zkochan/packages/tree/main/which-pm-runs#readme
Source: Yoranis Setup.exe, 00000000.00000003.330023771717.0000000005E50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.freedesktop.org/xdg/xdgmime
Source: Yoranis Setup.exe, 00000000.00000003.330023771717.0000000005E50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hackerone.com/reports/541502
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hsivonen.fi/encoding-menu/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/comms.html#the-websocket-interface
Source: Yoranis Setup.exe, 00000000.00000003.330047764144.00000000079D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://llvm.org/svn/llvm-project/cfe/tags/RELEASE_370/final/lib/Basic/Version.cpp
Source: uk.pak.0.dr, en-US.pak.0.dr, fr.pak.0.dr, pt-BR.pak.0.drString found in binary or memory: https://myactivity.google.com/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodei.co/npm/require-directory.png?downloads=true&stars=true)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodei.co/npm/require-directory/)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodei.co/npm/smart-buffer.png?downloads=true&downloadRank=true&stars=true
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/dist
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://npm.im/$
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://npmjs.org/package/require-directory))
Source: uk.pak.0.drString found in binary or memory: https://passwords.google.com
Source: fr.pak.0.drString found in binary or memory: https://passwords.google.comCompte
Source: en-US.pak.0.drString found in binary or memory: https://passwords.google.comGoogle
Source: uk.pak.0.dr, en-US.pak.0.dr, fr.pak.0.dr, pt-BR.pak.0.drString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: uk.pak.0.dr, en-US.pak.0.dr, fr.pak.0.dr, pt-BR.pak.0.drString found in binary or memory: https://policies.google.com/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ponyfill.com/)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://robwu.nl/)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://secure.travis-ci.org/troygoode/node-require-directory.png)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://semver.org/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com)
Source: Yoranis Setup.exe, 00000000.00000003.330023771717.0000000005E50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: uk.pak.0.dr, fr.pak.0.drString found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: uk.pak.0.dr, en-US.pak.0.dr, fr.pak.0.drString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: uk.pak.0.dr, en-US.pak.0.dr, fr.pak.0.dr, pt-BR.pak.0.drString found in binary or memory: https://support.google.com/chromebook?p=app_intent
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/security).
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc1928#section-3
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5234#appendix-B.1
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6455#section-9.1
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://travis-ci.org/JoshGlazebrook/smart-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://travis-ci.org/JoshGlazebrook/smart-buffer.svg?branch=master)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/intent/user?screen_name=troygoode)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://unpkg.com/cliui
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://unpkg.com/yargs-parser
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.cl.cam.ac.uk/%7Emgk25/ucs/utf8_check.c
Source: resources.pak.0.drString found in binary or memory: https://www.google.com/
Source: uk.pak.0.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html
Source: fr.pak.0.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html&AideG
Source: pt-BR.pak.0.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlA&judaGerenciado
Source: en-US.pak.0.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlH&elpManaged
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/buffer-alloc)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/buffer-from)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/safe-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/safer-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/wrap-ansi
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.patreon.com/feross
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yargs.js.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 62305 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58071 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53030
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64794
Source: unknownNetwork traffic detected: HTTP traffic on port 51575 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51537
Source: unknownNetwork traffic detected: HTTP traffic on port 55939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52572 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57123 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51697 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50333 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62305
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57123
Source: unknownNetwork traffic detected: HTTP traffic on port 61452 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59265
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61452
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65377
Source: conhost.exe Process created: 61
Source: cmd.exe Process created: 110

System Summary

Source: C:\Users\user\Desktop\Yoranis Setup.exe File dump: YoransSetup.exe.0.dr 173936640
Source: C:\Users\user\Desktop\Yoranis Setup.exe File dump: YoransSetup.exe0.0.dr 173936640
Source: C:\Users\user\Desktop\Yoranis Setup.exe Process token adjusted: Security
Source: YoransSetup.exe0.0.dr Static PE information: Number of sections : 15 > 10
Source: vulkan-1.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: libEGL.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: dxcompiler.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: dxcompiler.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: libEGL.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: YoransSetup.exe.0.dr Static PE information: Number of sections : 15 > 10
Source: Yoranis Setup.exe, 00000000.00000003.330026958969.0000000005E36000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.330047764144.0000000007A01000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs Yoranis Setup.exe
Source: Yoranis Setup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: // did the user specify their own .sln file?
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: * On Windows, find the first build/*.sln file.
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: glob('build/*.sln', function (err, files) {
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: return path.extname(arg) === '.sln'
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: print('Usage: %s "c:\\path\\to\\project.sln"' % sys.argv[0])
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: return callback(new Error('Could not find *.sln file. Did you run "configure"?'))
Source: classification engine Classification label: mal72.troj.spyw.evad.winEXE@322/386@13/9
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Users\user\Desktop\Yoranis Setup.exe Mutant created: \Sessions\1\BaseNamedObjects\b4a0680f-9ee1-57b1-adfd-e68812be32d6
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsc3472.tmp
Source: Yoranis Setup.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'YORANSSETUP.EXE'
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\curl.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "centbrowser.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sputnik.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'MSEDGE.EXE'
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'MSEDGE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Steam.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "javaw.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Yoranis Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile read: C:\Users\user\Desktop\Yoranis Setup.exe
Source: unknownProcess created: C:\Users\user\Desktop\Yoranis Setup.exe "C:\Users\user\Desktop\Yoranis Setup.exe"
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3448241921201964185,6892278070021911797,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2412 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\Desktop\Yoranis Setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mmdevapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: devobj.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mscms.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dxil.dll
Source: C:\Windows\System32\curl.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\curl.exeSection loaded: secur32.dll
Source: C:\Windows\System32\curl.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\curl.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\curl.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\curl.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\curl.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\curl.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\curl.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b4a0680f-9ee1-57b1-adfd-e68812be32d6
Source: Yoranis Setup.exeStatic file information: File size 87733089 > 1048576
Source: Yoranis Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\projects\src\out\Default\dxcompiler.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.330047764144.0000000007A01000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: dxil.dll.0.drStatic PE information: 0x7DBE8527 [Fri Nov 7 02:32:07 2036 UTC]
Source: dxcompiler.dll.0.drStatic PE information: section name: .00cfg
Source: dxcompiler.dll.0.drStatic PE information: section name: .gxfg
Source: dxcompiler.dll.0.drStatic PE information: section name: .retplne
Source: dxcompiler.dll.0.drStatic PE information: section name: _RDATA
Source: dxil.dll.0.drStatic PE information: section name: _RDATA
Source: ffmpeg.dll.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll.0.drStatic PE information: section name: _RDATA
Source: libEGL.dll.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll.0.drStatic PE information: section name: .gxfg
Source: libEGL.dll.0.drStatic PE information: section name: .retplne
Source: libEGL.dll.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.0.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.0.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.0.drStatic PE information: section name: _RDATA
Source: YoransSetup.exe.0.drStatic PE information: section name: .00cfg
Source: YoransSetup.exe.0.drStatic PE information: section name: .gxfg
Source: YoransSetup.exe.0.drStatic PE information: section name: .retplne
Source: YoransSetup.exe.0.drStatic PE information: section name: .rodata
Source: YoransSetup.exe.0.drStatic PE information: section name: CPADinfo
Source: YoransSetup.exe.0.drStatic PE information: section name: LZMADEC
Source: YoransSetup.exe.0.drStatic PE information: section name: _RDATA
Source: YoransSetup.exe.0.drStatic PE information: section name: malloc_h
Source: dxcompiler.dll0.0.drStatic PE information: section name: .00cfg
Source: dxcompiler.dll0.0.drStatic PE information: section name: .gxfg
Source: dxcompiler.dll0.0.drStatic PE information: section name: .retplne
Source: dxcompiler.dll0.0.drStatic PE information: section name: _RDATA
Source: dxil.dll0.0.drStatic PE information: section name: _RDATA
Source: ffmpeg.dll0.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll0.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll0.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll0.0.drStatic PE information: section name: _RDATA
Source: libEGL.dll0.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll0.0.drStatic PE information: section name: .gxfg
Source: libEGL.dll0.0.drStatic PE information: section name: .retplne
Source: libEGL.dll0.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll0.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll0.0.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll0.0.drStatic PE information: section name: .retplne
Source: libGLESv2.dll0.0.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll0.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll0.0.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll0.0.drStatic PE information: section name: .retplne
Source: vulkan-1.dll0.0.drStatic PE information: section name: _RDATA
Source: YoransSetup.exe0.0.drStatic PE information: section name: .00cfg
Source: YoransSetup.exe0.0.drStatic PE information: section name: .gxfg
Source: YoransSetup.exe0.0.drStatic PE information: section name: .retplne
Source: YoransSetup.exe0.0.drStatic PE information: section name: .rodata
Source: YoransSetup.exe0.0.drStatic PE information: section name: CPADinfo
Source: YoransSetup.exe0.0.drStatic PE information: section name: LZMADEC
Source: YoransSetup.exe0.0.drStatic PE information: section name: _RDATA
Source: YoransSetup.exe0.0.drStatic PE information: section name: malloc_h
Source: node.napi.node0.0.drStatic PE information: section name: _RDATA
Source: registry.node.0.drStatic PE information: section name: .fptable
Source: node_sqlite3.node.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\nsExec.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\ffmpeg.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\YoransSetup.exe
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.node
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\System.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\dxil.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\dxcompiler.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\dxcompiler.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\dxil.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\vulkan-1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YoransSetup.lnk
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9910
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\nsExec.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\System.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\dxcompiler.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\vulkan-1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\dxcompiler.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2060 Thread sleep count: 9910 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5612 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010409
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Yoranis Setup.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\locales
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js
Source: curl.exe, 0000000E.00000003.330302063852.00000201D98E1000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000E.00000002.330302534079.00000201D98E4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "YoransSetup.exe"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductNameJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /FJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /FJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\registry-js\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\registry-js\dist\lib\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\registry-js\dist\lib\registry.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\win-version-info\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\win-version-info\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7m9uz3mai4sr VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7m9uz3mai4sr\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7m9uz3mai4sr VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7m9uz3mai4sr\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7m9uz3mai4sr\Cookies VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillRegex VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstLaunchAfterInstallation VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Functional SAN Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Functional SAN Data-wal VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.ldb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.ldb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\Downloads VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\all-files-KHkC0W VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\all-files-KHkC0W VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\all-files.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0353475199 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\0666563528 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\1417002460 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\4683256203 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\5367203117 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\5622580005 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\5795694722 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\5859486270 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\5a9c282b-ef39-4af3-8fe8-5806dd03ee4a.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\6516896632 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7011884383 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7245361316 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7606393495 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\77d22a10-bffc-4dc5-99e7-4fbb607cb190.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7838756049 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\acrocef_low VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\B018D45B-96A4-4B60-BED4-BC78D47B50F2 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\B018D45B-96A4-4B60-BED4-BC78D47B50F2\en-US VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\chrome.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\47114209A62F3B9930F6B8998DFD4A991 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE6D1.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE6E8.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE703.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE707.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE70B.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE723.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE783.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE795.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE7A7.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE7B8.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE7DB.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE7EF.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE7F0.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\TCDE7F1.tmp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.ldb
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.log

Remote Access Functionality

Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: 211 Windows Management Instrumentation; 1 Command and Scripting Interpreter; 1 PowerShell; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: 1 Windows Service; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: 1 Windows Service; 11 Process Injection; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Defense Evasion: 11 Masquerading; 111 Disable or Modify Tools; 121 Virtualization/Sandbox Evasion; 11 Process Injection; 1 Timestomp; 1 DLL Side-Loading; Compile After Delivery; Indicator Removal from Tools
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: 21 Security Software Discovery; 1 Network Service Discovery; 2 Process Discovery; 121 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 Remote System Discovery; 2 File and Directory Discovery; 34 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: 1 Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: 2 Encrypted Channel; 1 Remote Access Software; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement

[Behavior graph image not reproduced. Behavior Graph ID: 1584251; Sample: Yoranis Setup.exe; Startdate: 05/01/2025; Architecture: WINDOWS; Score: 72]

Source | Detection | Scanner | Label | Link
Yoranis Setup.exe | 3% | ReversingLabs

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\unrealgame\dxcompiler.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\unrealgame\dxil.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\unrealgame\vk_swiftshader.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Programs\unrealgame\vulkan-1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\YoransSetup.exe | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\d3dcompiler_47.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\dxcompiler.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\dxil.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\ffmpeg.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\libEGL.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\libGLESv2.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.node | 5% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\node_modules\detect-libc\bin\detect-libc.js | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\node_modules\node-addon-api\tools\clang-format.js | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\node_modules\node-addon-api\tools\conversion.js | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\node_modules\prebuild-install\bin.js | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\node_modules\semver\bin\semver | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\node_modules\node-addon-api\tools\clang-format.js | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\node_modules\node-addon-api\tools\conversion.js | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\node_modules\node-addon-api\tools\eslint-format.js | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\bin.js | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\elevate.exe | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\vk_swiftshader.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\vulkan-1.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\SpiderBanner.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\StdUtils.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\System.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\nsExec.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\nsx353E.tmp\nsis7z.dll | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation
file.io | 143.244.215.221 | true | false | | high
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high
api.iwannaeatcats.com | 172.67.193.41 | true | false | | unknown
dns.quad9.net | 9.9.9.9 | true | false | | high
sb.scorecardresearch.com | 18.173.166.9 | true | false | | high
api.ipify.org | 104.26.12.205 | true | false | | high
api.gofile.io | 94.139.32.3 | true | false | | high
assets.msn.com | unknown | unknown | false | | high
c.msn.com | unknown | unknown | false | | high
ntp.msn.com | unknown | unknown | false | | high
api.msn.com | unknown | unknown | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                      unknown
                                                                                                                                                      https://github.com/RyanZim/universalify.gitYoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://codereview.chromium.org/25305002).resources.pak.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://github.com/vweevers/windows-envYoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://10.0.0.1:1337/Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://api.ipify.org/jcurl.exe, 0000000E.00000002.330302717861.00000201D98EF000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000E.00000003.330301939739.00000201D98EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://code.google.com/p/gyp/issues/detail?id=122Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://zlib.net/Yoranis Setup.exe, 00000000.00000003.330023771717.0000000005E50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                unknown
                                                                                                                                                                https://passwords.google.comComptefr.pak.0.drfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                unknown
                                                                                                                                                                https://unpkg.com/cliuiYoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://crbug.com/275944Yoranis Setup.exe, 00000000.00000003.330022143469.0000000005250000.00000004.00001000.00020000.00000000.sdmp, resources.pak.0.drfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  https://www.google.com/chrome/privacy/eula_text.htmlH&elpManageden-US.pak.0.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                    • 75% < No. of IPs
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 9.9.9.9 | dns.quad9.net | United States | 19281 | QUAD9-AS-1US | false |
| 104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false |
| 143.244.215.221 | file.io | United States | 174 | COGENT-174US | false |
| 172.67.193.41 | api.iwannaeatcats.com | United States | 13335 | CLOUDFLARENETUS | false |
| 18.173.166.9 | sb.scorecardresearch.com | United States | 3 | MIT-GATEWAYSUS | false |
| 94.139.32.3 | api.gofile.io | Belgium | 48813 | ENIX-ASFR | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false |
                                                                                                                                                                    IP
                                                                                                                                                                    127.0.0.1
                                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                    Analysis ID:1584251
                                                                                                                                                                    Start date and time:2025-01-05 00:18:26 +01:00
                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                    Overall analysis duration:0h 14m 18s
                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                    Report type:full
                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                    Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                                                                                    Run name:Suspected VM Detection
                                                                                                                                                                    Number of analysed new started processes analysed:190
                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                    Technologies:
                                                                                                                                                                    • HCA enabled
                                                                                                                                                                    • EGA enabled
                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                    Sample name:Yoranis Setup.exe
                                                                                                                                                                    Detection:MAL
                                                                                                                                                                    Classification:mal72.troj.spyw.evad.winEXE@322/386@13/9
                                                                                                                                                                    EGA Information:Failed
                                                                                                                                                                    HCA Information:
                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                    • Number of executed functions: 0
                                                                                                                                                                    • Number of non-executed functions: 0
                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe
                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 4.153.29.52, 13.107.42.16, 204.79.197.203, 20.96.153.111, 4.152.199.46, 204.79.197.237, 13.107.21.237, 23.221.212.217, 23.221.212.206, 23.219.0.181, 23.219.0.178, 23.219.0.145, 23.219.0.152, 23.219.0.147, 23.219.0.134, 23.219.0.138, 23.219.0.170, 23.219.0.175, 184.28.114.17, 184.28.114.26, 184.28.114.128, 184.28.114.43, 184.28.114.131, 184.28.114.136, 184.28.114.16, 184.28.114.41, 184.28.114.42, 20.110.205.119, 204.79.197.239, 13.107.21.239
                                                                                                                                                                    • Excluded domains from analysis (whitelisted): www-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-nav.trafficmanager.net, config.edge.skype.com.trafficmanager.net, data-edge.smartscreen.microsoft.com, img-s-msn-com.akamaized.net, c-msn-com-nsatc.trafficmanager.net, nav.smartscreen.microsoft.com, arc.msn.com, prod-agic-eu2-2.eastus2.cloudapp.azure.com, e86303.dscx.akamaiedge.net, config-edge-skype.l-0007.l-msedge.net, th.bing.com, arc.trafficmanager.net, l-0007.l-msedge.net, config.edge.skype.com, iris-de-prod-azsc-v2-eus2.eastus2.cloudapp.azure.com, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, edge-microsoft-com.dual-a-0036.a-msedge.net, th.bing.com.edgekey.net, c-bing-com.dual-a-0034.a-msedge.net, a-0003.a-msedge.net, ctldl.windowsupdate.com, p-th.bing.com.trafficmanager.net, www-msn-com.a-0003.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, edge.microsoft.com, a1834.dscg2.akamai.net, l-0007.config.skype.com, c.bing.com, dual-a-0034.a-msedge.net,
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                    • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                    • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                    • VT rate limit hit for: Yoranis Setup.exe
| Time | Type | Description |
|---|---|---|
| 18:20:55 | API Interceptor | 21x Sleep call for process: Yoranis Setup.exe modified |
| 18:21:19 | API Interceptor | 3x Sleep call for process: WMIC.exe modified |
| 18:21:22 | API Interceptor | 4x Sleep call for process: powershell.exe modified |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 9.9.9.9 | RECOUVREMENT -FACTURER1184521.pdf | malicious | Unknown | |
| | SmartEasyPDF.msi | malicious | Unknown | |
| | Software_Tool.exe | malicious | Unknown | |
| | file.exe | malicious | Amadey, Cryptbot, LummaC Stealer, Nymaim, Stealc, Vidar | |
| | file.exe | malicious | LummaC, Amadey, Clipboard Hijacker, LummaC Stealer | |
| | Zoom.exe | malicious | Unknown | |
| | Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe | malicious | Unknown | |
| | pdfguruhub.msi | malicious | Unknown | |
| | ACHAT DE 2 IMMEUBLES.pdf | malicious | Unknown | |
| | allpdfpro.msi | malicious | Unknown | |
| 104.26.12.205 | RtU8kXPnKr.exe | malicious | Quasar | api.ipify.org/ |
| | jgbC220X2U.exe | malicious | Unknown | api.ipify.org/?format=text |
| | xKvkNk9SXR.exe | malicious | TrojanRansom | api.ipify.org/ |
| | GD8c7ARn8q.exe | malicious | TrojanRansom | api.ipify.org/ |
| | 8AbMCL2dxM.exe | malicious | RCRU64, TrojanRansom | api.ipify.org/ |
| | Simple2.exe | malicious | Unknown | api.ipify.org/ |
| | Ransomware Mallox.exe | malicious | Targeted Ransomware | api.ipify.org/ |
| | Yc9hcFC1ux.exe | malicious | Unknown | api.ipify.org/ |
| | 6706e721f2c06.exe | malicious | Remcos | api.ipify.org/ |
| | perfcc.elf | malicious | Xmrig | api.ipify.org/ |
| 143.244.215.221 | Kameta Setup 1.0.0.exe | malicious | Unknown | |
| | Kameta Setup 1.0.0.exe | malicious | Unknown | |
| | iDvmIRCPBw.exe | malicious | Unknown | |
| | ZdXUGLQpoL.exe | malicious | Unknown | |
| | jaPB8q3WL1.exe | malicious | Unknown | |
| | 00514DIRyT.exe | malicious | GO Stealer | |
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):26
                                                                                                                                                                                                                      Entropy (8bit):3.6864194113487727
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tAvnXVHjn:tgXVHjn
                                                                                                                                                                                                                      MD5:33F0D2B8DEC34BF56C3545C83958964F
                                                                                                                                                                                                                      SHA1:63DDE4D4174DFE30F1B1C2766692AFE1C4104FF2
                                                                                                                                                                                                                      SHA-256:FE02DF6064A02C4A8590E8BFB88BF55307E1313FE15CC4395CE8795FF932624A
                                                                                                                                                                                                                      SHA-512:5F46520B7030E0625F7BEA1FB1F1E8C81E7013697481FA9E5EE2D1DF188968E8B5103DD38F169EC35F3A0ABA3DF14183B637B9545A433EE2029FD1436DCF0BA7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:INSC.>.....Mar222021151921
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4194304
                                                                                                                                                                                                                      Entropy (8bit):0.17970750579124153
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:a/XJkgrYpFT+8coAgw0iTvo8kCdmrYu4RG:a/XJ90pFT+lTvxkCMrYq
                                                                                                                                                                                                                      MD5:CB62478A4AC05D0363321D06EEB3AE22
                                                                                                                                                                                                                      SHA1:AF424EFF2D1FCBCAFEAD8C5FF87CB7FA9B9B4AC5
                                                                                                                                                                                                                      SHA-256:CB725CF3727C6DDA82102AB8D472537A167054A9B058C715361D38961527F9FF
                                                                                                                                                                                                                      SHA-512:54564E049702D3BF963DA2C9DF108D79D5B06F5DBE950753ABC293982807F2079AE0D2D625CA79661340634FED4B01446D7161DED4975FE461451B1A52CF2C51
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):152
                                                                                                                                                                                                                      Entropy (8bit):4.846101405296782
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Fg/fltlK7D2yQ9Bu2jVuDgmWUJ62+I3fdlYl8:qf1KryvpMgmTb3f08
                                                                                                                                                                                                                      MD5:4F92EE10C14AB76DB7578B74BFD51FBD
                                                                                                                                                                                                                      SHA1:A7F3CD6CA3249B0127EBDD3F02894EFCDC71BD8E
                                                                                                                                                                                                                      SHA-256:91BAD29873C51B45151A7BDAE3B1233EA55F063C3592F966FBF5492426B6303B
                                                                                                                                                                                                                      SHA-512:8DB464088823EAA5A73108453ECFD61F87251EA617D0C62B664EE0AD6288AA86126FEBB50B4AD3F0E126C844EDE01177705384B4B05DE54AB030879CC9342005
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:sdPC....................+.^..h#A...0.ER."mOB9Fluqaq+mietxhYXSL2cAH0KxdzECs1csHpZVA18="..................baf89b04-ec85-4201-8b33-0b186effe467............
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):23881
                                                                                                                                                                                                                      Entropy (8bit):5.594974035020246
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:V7fCtNF0KhOObJ+UoAYDCx9TuqZz0VfUCh7xbog/OVJLlR9VCqrUVVAveO0pvrLH:VLWX08F1+UoAYDCx9Tuqh0VfUC9xbogz
                                                                                                                                                                                                                      MD5:8816367680B6B28DB08FB99E3065ADAB
                                                                                                                                                                                                                      SHA1:ED96BC99038C8A6F53914075362ACCE9F7D7E976
                                                                                                                                                                                                                      SHA-256:8168F2D01211066912152867E66AE90C6687C0A698C85A994A5DAC8A2A437BC5
                                                                                                                                                                                                                      SHA-512:E608D03352BD7616956D6A29E5B86442F8A5CB580E97E6C8DD4515465248FC8263889A8F050640EE1AC930714815D8E77FFBC9311C69FD037DBE31FD3E4688AF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13380506490823716","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","https://*onenote.gov.online.office365.us/*","https://*powerpoint.gov.online.office365.us/*","https://*word-edit.gov.online.office365.us/*","https://
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3036000, file counter 11, database pages 7, 1st free page 5, free pages 2, cookie 0x9, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                      Size (bytes):28672
                                                                                                                                                                                                                      Entropy (8bit):1.0215430017475675
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:TKXOpyO5JMxnvmoy4GVUufeZxlHSguuhyNzz/2TtMlB+nNlZIvBudOb00:sn5HGsZxxS9u2X/QK3+nNLMB+Ob00
                                                                                                                                                                                                                      MD5:5F5F2924279840B5BB44407894DB7E7B
                                                                                                                                                                                                                      SHA1:6D0762593B93A1728716CEC2680FE6214001F824
                                                                                                                                                                                                                      SHA-256:E32E6543D164A1FC63FA8587D0E370ED8204C5F88CF0F05DD53FA09227FD5607
                                                                                                                                                                                                                      SHA-512:0AD14078038EC8C17D9C161207B44DE6AC05E98C1DF41D4857E33F69F6B440E4E1A76786722CFAB51CAD6AB34372E3FDA094416532699F9952EDB843C84094DB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 20x20, 32 bits/pixel
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):71757
                                                                                                                                                                                                                      Entropy (8bit):6.771708343960135
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:vAlMWz7vLDtDSVlXXwpFlorgLUxF+D4n6owPFCawP/:vvuWAUxFaoGw/
                                                                                                                                                                                                                      MD5:E5E3377341056643B0494B6842C0B544
                                                                                                                                                                                                                      SHA1:D53FD8E256EC9D5CEF8EF5387872E544A2DF9108
                                                                                                                                                                                                                      SHA-256:E23040951E464B53B84B11C3466BBD4707A009018819F9AD2A79D1B0B309BC25
                                                                                                                                                                                                                      SHA-512:83F09E48D009A5CF83FA9AA8F28187F7F4202C84E2D0D6E5806C468F4A24B2478B73077381D2A21C89AA64884DF3C56E8DC94EB4AD2D6A8085AC2FEB1E26C2EF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):627
                                                                                                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                                                                                      MD5:9D7435EA49A80FDD66E4915F513017F9
                                                                                                                                                                                                                      SHA1:469F6C6E4B19B85CC1BE497812B2F20864F4FF2C
                                                                                                                                                                                                                      SHA-256:409D4C47E940688527D730B996E8991E010988C7671565467ED69D640D0947F3
                                                                                                                                                                                                                      SHA-512:0561CD632D4219AEF4686DE40EC092921384CA89755D354801E0EAEC8645A8630A180807AF518AC8FCF01F71EB3D10FAA9CE1E62C7A7226A274975BDCB7EEB4C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):324
                                                                                                                                                                                                                      Entropy (8bit):5.169062232007464
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:iOLXBLq2PCN23oH+Tcwt8NIFUtRXBuZmwPXBCkwOCN23oH+Tcwt8+eLJ:7LxLv1YebpFUtRxu/PxC5eYebqJ
                                                                                                                                                                                                                      MD5:5078B9E963E18E687AEBF11AFCAF7470
                                                                                                                                                                                                                      SHA1:46DFE6E8AE7DB787A6C5FAB6489BADFFDE1B6D73
                                                                                                                                                                                                                      SHA-256:143227B702B25C36A8643C00254D623A77281A2C9FA8EBB56A47FEBE6A50478E
                                                                                                                                                                                                                      SHA-512:C23A844EFA3D457835D223A24323BEF1C004323F74F803848220261A8180A7D18FC37681254588C5843BF323F68265BF43EF5F8E81CB923D8588F816D848D39A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:2025/01/04-18:21:31.650 1804 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/01/04-18:21:31.650 1804 Recovering log #3.2025/01/04-18:21:31.650 1804 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):367
                                                                                                                                                                                                                      Entropy (8bit):5.283913695741855
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:iOLXBmrhRM1CN23oH+Tcwt8age8Y55HEZzXELIx2KLlBXBmUcq2PCN23oH+Tcwte:7LxORMYeb8rcHEZrEkVLPxmRv1Yeb8rX
                                                                                                                                                                                                                      MD5:AC7A4691BC4C0A4E62126008745B90D6
                                                                                                                                                                                                                      SHA1:E77533A1F56EA72C4848DDFBAA99F16E348D395D
                                                                                                                                                                                                                      SHA-256:9AE53CE25B08BD9FC4DD698E2D7B3A7990DA5AD514D1DC2BC32407A438699CFB
                                                                                                                                                                                                                      SHA-512:99C5FA83CE38E105FE6DE33B8BC75BCF710DCA7DCA705E720FDB8B05505A02686DCC83040D88CEB821501264206898EF064F623F25C19BFE3881FD2C34BC802E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:2025/01/04-18:21:31.783 1804 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold since it was missing..2025/01/04-18:21:31.963 1804 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):333
                                                                                                                                                                                                                      Entropy (8bit):5.158758075575747
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:iOLXBdUt+q2PCN23oH+Tcwt8a2jMGIFUtRXB8XZmwPXB83VkwOCN23oH+Tcwt8as:7Lxd1v1Yeb8EFUtRx8X/Px8F5eYeb8bJ
                                                                                                                                                                                                                      MD5:265E90853F977A7D219AB305E72D63B9
                                                                                                                                                                                                                      SHA1:3BC3C45E7DEFDC098473FFAA0225688F8508DC27
                                                                                                                                                                                                                      SHA-256:5C600652268720BD0131BA4F1F0A97C68E3FD071CD51B1D1DAE0A2F63B2333D5
                                                                                                                                                                                                                      SHA-512:A82110D4B83706900075F9BA6FB933114CD22FE1004D9B4479CE6774D0D1F6ACC4B7A966DD377F5861F566B431B2FFFD076EF9B9D7AE591158B9FA7CD1B0ABD2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:2025/01/04-18:21:30.825 118 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/01/04-18:21:30.827 118 Recovering log #3.2025/01/04-18:21:30.827 118 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1335
                                                                                                                                                                                                                      Entropy (8bit):4.874937409709386
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:Y2tJ3aJ3as2qhVsataesaoRdsRzydMHD2sRBydMHDU3RdsRjdMHND07n7:Y2fqJqs2qhVVMeVgsR8MHisRyMH6sRhh
                                                                                                                                                                                                                      MD5:C1A927407535BD2ABAE5B12CF888CE3D
                                                                                                                                                                                                                      SHA1:627127B8B112CAE52AE84DF2C32CC645976C2956
                                                                                                                                                                                                                      SHA-256:CD9E872195611224ECEA1AB1049939FD71041756F15D52B3F98401BF39A5B1E2
                                                                                                                                                                                                                      SHA-512:C85CD9BD433081C59F834C6BCED07E7B1B1945A72157E0FE40F4DA66BE5F3CEAC9B11364F82CB8634BE85C0C38391321E364A68637031B2C363AD9BBB0BDA1ED
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://edge.activity.windows.com","supports_spdy":true},{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true},{"isolation":[],"server":"https://dns.quad9.net","supports_spdy":true},{"isolation":[],"server":"https://prod.rewardsplatform.microsoft.com","supports_spdy":true},{"isolation":[],"server":"https://substrate.office.com","supports_spdy":true},{"isolation":[],"server":"https://edge.microsoft.com","supports_spdy":true},{"isolation":[],"server":"https://arc.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13335831198055056","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":10404},"server":"https://th.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13335831198559246","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":10404},"server":"https://www.bing.com","supports
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):9000
                                                                                                                                                                                                                      Entropy (8bit):4.994257462742733
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:18XcUTNk9jPcAWMdkxoouYI3+YJuRhFeB/NhK9:2cUTNk9jPcAWMdaooVIS/me9
                                                                                                                                                                                                                      MD5:3CB1586353968B52F028A678ED76E36E
                                                                                                                                                                                                                      SHA1:CA5D7CF1919B126888AE487BEF587ABA56CFC4C9
                                                                                                                                                                                                                      SHA-256:14842C0CB079FF70AC52A3DDEB82275D34E792F24A8CF9E229C3755A7014B382
                                                                                                                                                                                                                      SHA-512:DA5462C205157B953A8A2D87430C910B2B09ED2701D2110EA6A9AA0BC8CAC303479B2E09B87B069E1B30B29FFE70565BE544944D0CBF2E3255A80EEDFA30F54A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"account_id_migration_state":2,"account_info":[{"account_id":"000340011677ED77","accountcapabilities":{"can_offer_extended_chrome_sync_promos":-1},"edge_account_age_group":3,"edge_account_cid":"8628dc546dc99469","edge_account_first_name":"Shahak","edge_account_is_test_on_premises_profile":false,"edge_account_last_name":"Shapira","edge_account_location":"CH","edge_account_oid":"","edge_account_sovereignty":0,"edge_account_tenant_id":"","edge_account_type":1,"edge_data_protection_type":0,"edge_is_data_protection_target":false,"edge_wam_aad_for_app_account_type":0,"email":"shahak.shapira@outlook.com","full_name":"","gaia":"000340011677ED77","given_name":"","hd":"","is_supervised_child":-1,"is_under_advanced_protection":false,"last_downloaded_image_url_with_size":"","locale":"","picture_url":""}],"account_tracker_service_last_update":"13335737597040910","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2491
                                                                                                                                                                                                                      Entropy (8bit):5.025594632492727
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:YPj1f4Vr8KVNkGkXX6VVks0LtpsA19rnL9crbJ/anUJaYPI7xaMGH1oB+Cm7:KtoGX6VVOZpsAzrLOrMn3YPo0MG6+Z7
                                                                                                                                                                                                                      MD5:24275A126BD3A45A83DA31C26FE01294
                                                                                                                                                                                                                      SHA1:8F025140A70E9E7AEAE6834EC1B50355EAA79B21
                                                                                                                                                                                                                      SHA-256:9E4712F760581958A0267A5B70D1A1706ACE48566FF99701DCC9CF81043EE669
                                                                                                                                                                                                                      SHA-512:7F2582C4CADE8227E6BCE71584E503D833FE0C5C66EB0F5900B0D071B419D05B8402584201498BDFD107F697DF80AC6FD23C345367C5868D919DE928CF7B7600
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{}},"prefs":{"preference_reset_time":"13380506490625502"},"protection":{"macs":{"browser":{"show_home_button":"904452986128BBEE5A7B1FFB8F342100C3150E3D9FD76C4105DF33EB021E22FD"},"default_search_provider_data":{"template_url_data":"575D258E47F940C6887685ABA99A5839CBFE4BA30863349DFE0D0C375AAB8816"},"edge":{"services":{"account_id":"D456A886A0DBE318CF511789EB70CFBEB8B3E35DA05B44245AFA153CF2527082","identity":{"schema":"50E673A6E3700B5431DD5887049F3271B5C2BEA02D53D968CBD61D36F54D9292"},"last_account_id":"6A5B5A031791B5A5FA7238C8E3FDD8A324CC8F19F63EAD5B2E896B84A5786B51","last_username":"AEEC085E5852B256515B8A4CA04B9576AB6B11591758E5AF201224060FD694E8"}},"homepage":"B1E9FE8108A84F532486D13AAC43C0AFDA16D3DFC9EB2F743AEE11F89F2F163E","homepage_is_newtabpage":"3680F776D17E3C099431BAF5381FAB9BCC0C2C70FEA4C74D12324BC94A207119","media":{"cdm":{"origin_data":"CE16C9485175ED827C5B13C2EE9BFCEDDD3444AF290CF59B851C1B
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):204
                                                                                                                                                                                                                      Entropy (8bit):4.608245647211306
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljl11vtldllaV93G4HBcvyFvXr9Jju1dUV:S85aEFljljltllaV931HBcwSdUV
                                                                                                                                                                                                                      MD5:4468DFCB05F4BC5D3B6EB53FA9708ABF
                                                                                                                                                                                                                      SHA1:01B6555C6E796FC50BA7AC6D5253500D586BF864
                                                                                                                                                                                                                      SHA-256:BE258E79E17733746FCD0035ABF75C104A4EE740779BBBAED903E8D7A4C568EE
                                                                                                                                                                                                                      SHA-512:EE964E2E93A179F838DF0A16592BE287539C87A07B5D6CE55D47606808607972CCBE9BCE0008D121E875CE6A36678EA1DE2A14BEFCACD6D389F0C7AE6E605617
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:*...#................version.1..namespace-..&f.................&f.................&f.................t.b................next-map-id.1.Cnamespace-d1bd9fd7_e255_4a2f_9989_cc45d99635bc-https://ntp.msn.com/.0
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):321
                                                                                                                                                                                                                      Entropy (8bit):5.1050356603825575
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:iOLXBgEd3+q2PCN23oH+TcwtrQMxIFUtRXBgJ3JZmwPXBgJ39VkwOCN23oH+TcwJ:7LxgEdOv1YebCFUtRxgJ3J/PxgJ3D5en
                                                                                                                                                                                                                      MD5:71DE0690134A953226604F5E29FDDA5A
                                                                                                                                                                                                                      SHA1:6A963809675BC63FC6653723D1A27F4ECA22B285
                                                                                                                                                                                                                      SHA-256:47610D1A50C2D1BF6B5ACD082F09F91DACE4DBDB6B5290E930476672D50586B0
                                                                                                                                                                                                                      SHA-512:2E93DED6E13B1C897276337AF38E8293A40061C5882841B57AC950C34A4441C2BDDBFDF71352418EB3680184FAEC210618DBEFEB08343644D6538CDFF330C6E5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:2025/01/04-18:21:31.023 118 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/01/04-18:21:31.024 118 Recovering log #3.2025/01/04-18:21:31.024 118 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1311
                                                                                                                                                                                                                      Entropy (8bit):3.4956458594292985
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:3i6AwgPV8psAFKkCLp3k2amEtLql1lW7JfYSGxQUSkOA6:3i6pxzFKdLpVFERu1lWFQyqOb
                                                                                                                                                                                                                      MD5:FE812080765097A56CB91A8748A63A17
                                                                                                                                                                                                                      SHA1:DEC70C992C640B709D8473BF9C0C53E3FBD4312D
                                                                                                                                                                                                                      SHA-256:A04E51F7F2522FCF5128A531A3C3E1B106F524BB70028ABBB8C7C87F8F05974E
                                                                                                                                                                                                                      SHA-512:C4EC80B233AD9214201B5223D9A99A116CAA87496A87869D08B2F3305E3D11D111AC3C03AF76DAE464A77ABFCB3F1D711C9542758B6951E9350660134FCE6FBE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:SNSS................................"........9.#4.......$...ad7dd8b9-7c00-4b60-a258-fb53188688c5........................................................!.............................................1..,.......$...d1bd9fd7_e255_4a2f_9989_cc45d99635bc.......................iz..........................................edge://newtab/......N.e.w. .t.a.b...........................................................x...............X...............`...............X........1..*...1..*......................................................................j...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.U.S.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.&.O.C.I.D.=.M.N.H.P._.U.5.3.1.....................................8.......0.......8....................................................................... .......................................................P...$...2.c.f.2.f.2.8.3.-.3.8.0.8.-.4.c.c.8.-.a.b.2.d.-.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3985
                                                                                                                                                                                                                      Entropy (8bit):3.93703447255499
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:3c+hF0wD8WQpV8UIoQUbXf6sKy7s+WBs4aVj:31gwDI8xoBbXfUlaVj
                                                                                                                                                                                                                      MD5:3CB8715E8505E106C013453869873468
                                                                                                                                                                                                                      SHA1:8CD44DB21343EA7E10D0AB7B62CEC4F57F12163A
                                                                                                                                                                                                                      SHA-256:A1E302732C1A9591B12A2C7C233179F1404D0A51B2D0CC4375D3D414E1712F20
                                                                                                                                                                                                                      SHA-512:7FC6A51272911C05BE22BF277E274BE91E666B09A6537E2B918E5409E894592001110BFF4404B387DCAB0C8B27F431321F02DECFE3156A807FD28EEEC56C80B0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:SNSS.................d^.`/.q..l...............https://www.bing.com/search?q=regedikt&form=WNSGPH&qs=SW&cvid=1c4c2e2811e44c03a63aad6fcf391716&pq=regedikt&cc=GB&setlang=en-US&wsso=Moderate....r.e.g.e.d.i.k.t. .-. .S.e.a.r.c.h...........................................................x...............................................h........*..2....*..2...........................x....................................... .......h.t.t.p.s.:././.w.w.w...b.i.n.g...c.o.m./.s.e.a.r.c.h.?.q.=.r.e.g.e.d.i.k.t.&.f.o.r.m.=.W.N.S.G.P.H.&.q.s.=.S.W.&.c.v.i.d.=.1.c.4.c.2.e.2.8.1.1.e.4.4.c.0.3.a.6.3.a.a.d.6.f.c.f.3.9.1.7.1.6.&.p.q.=.r.e.g.e.d.i.k.t.&.c.c.=.G.B.&.s.e.t.l.a.n.g.=.e.n.-.U.S.&.w.s.s.o.=.M.o.d.e.r.a.t.e.................................................0.......H.......X.......x...............................................................8.......P.......h.......................................................h...0.......?.%. .B.l.i.n.k. .s.e.r.i.a.l.i.z.e.d. .f.o.r.m. .s.t.a.t.e. .v.e.r.s.i.o.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                                                                      Entropy (8bit):0.12227588125913882
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:FiIHlFll:YI
                                                                                                                                                                                                                      MD5:658717E32F94A5F4A00F98B86506C4FD
                                                                                                                                                                                                                      SHA1:5B47A009A0AC145A81F40BE78261A6B7088E7BC6
                                                                                                                                                                                                                      SHA-256:2BDF74689808E53ACAF63BEF48E1C46B0C3C288A8B81C1761047634EC23DA4C7
                                                                                                                                                                                                                      SHA-512:C6F2111C620AC7B28BB58546095F1481E27141FA3CD4120F82E1DBC4E136D06BB798C1D4CA9C524F4D21ED12A739BCC58211BF4BB95121E07AC109BBB652388D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):352
                                                                                                                                                                                                                      Entropy (8bit):5.114597886407135
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:iOLXB2FN+q2PCN23oH+Tcwt7Uh2ghZIFUtRXB2FZZmwPXB2FNVkwOCN23oH+TcwK:7Lx2FN+v1YebIhHh2FUtRx2FZ/Px2FNj
                                                                                                                                                                                                                      MD5:5BB79CAA8F5B6375F02C7D8E6E260CC3
                                                                                                                                                                                                                      SHA1:2FDC0405B58D4E12F09E171EFF9D8014DB09A65C
                                                                                                                                                                                                                      SHA-256:1B5A71DA14FF7BFC8A9C252989465FD9DB66512E231E9A842D876309831E431D
                                                                                                                                                                                                                      SHA-512:394FE763DE6E121E0C8417D7EE9E8715E4042B55B5433BD6DFE1AC53D73D8B31C491724DD97D84D4F3AF5AD1D18BD45CD1A35D8006C9CF4EF244781CA6BB2D06
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:2025/01/04-18:21:30.805 1ddc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/01/04-18:21:30.805 1ddc Recovering log #3.2025/01/04-18:21:30.805 1ddc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):59
                                                                                                                                                                                                                      Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:YLbkVKJq0nMb1KKqk1Yn:YHkVKJTnMRKXk1Yn
                                                                                                                                                                                                                      MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
                                                                                                                                                                                                                      SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
                                                                                                                                                                                                                      SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
                                                                                                                                                                                                                      SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):524656
                                                                                                                                                                                                                      Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:LsFlPloZ+/l:LsFg0
                                                                                                                                                                                                                      MD5:7E967F0535FD5A42C372E28F73F23761
                                                                                                                                                                                                                      SHA1:10C56EF43BB5FF9BA4A28A7A2CA6A23549D4123F
                                                                                                                                                                                                                      SHA-256:428C89EC2C85D00FD16FA3DEF7BB66FDAEE05B6DAF1B441E42E03C1BDF58D066
                                                                                                                                                                                                                      SHA-512:BF1AFBB193F0ED3DE2BF4A05000B737E7CC2362C437DA9240CE00431C512246B6154B0DDD2DA3029ED99FC7DBAC3CFC54BA7BE26B9ED64FA03E11D6AF28279C2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                      Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:m+l:m
                                                                                                                                                                                                                      MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                      SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                      SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                      SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:0\r..m..................
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:bKVR0ETU5+:mV9TU5+
                                                                                                                                                                                                                      MD5:DA782558B7ACE8FE5FA516D212FA8AB7
                                                                                                                                                                                                                      SHA1:BB99D6F9F37D3DF233C02CFD63359E705A40CBED
                                                                                                                                                                                                                      SHA-256:A96CE678FA706ECE91C67FCE2819C2FD8EC0503477B546EDC8E1133BF6B64F0E
                                                                                                                                                                                                                      SHA-512:FC02F3D6B4FE28AE62C616A282E5FFD3BFD7641211E6BEDCC317AD10F2819143355ECC0687642DD5DC6704F7DB6C7EB644B13CF5568C24B9D6526EC8A5B18578
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:(...FJ7.oy retne.........................qV.../.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:bKVR0ETU5+:mV9TU5+
                                                                                                                                                                                                                      MD5:DA782558B7ACE8FE5FA516D212FA8AB7
                                                                                                                                                                                                                      SHA1:BB99D6F9F37D3DF233C02CFD63359E705A40CBED
                                                                                                                                                                                                                      SHA-256:A96CE678FA706ECE91C67FCE2819C2FD8EC0503477B546EDC8E1133BF6B64F0E
                                                                                                                                                                                                                      SHA-512:FC02F3D6B4FE28AE62C616A282E5FFD3BFD7641211E6BEDCC317AD10F2819143355ECC0687642DD5DC6704F7DB6C7EB644B13CF5568C24B9D6526EC8A5B18578
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:(...FJ7.oy retne.........................qV.../.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                      Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:m+l:m
                                                                                                                                                                                                                      MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                      SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                      SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                      SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:0\r..m..................
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:bKVR0ETU5+:mV9TU5+
                                                                                                                                                                                                                      MD5:DA782558B7ACE8FE5FA516D212FA8AB7
                                                                                                                                                                                                                      SHA1:BB99D6F9F37D3DF233C02CFD63359E705A40CBED
                                                                                                                                                                                                                      SHA-256:A96CE678FA706ECE91C67FCE2819C2FD8EC0503477B546EDC8E1133BF6B64F0E
                                                                                                                                                                                                                      SHA-512:FC02F3D6B4FE28AE62C616A282E5FFD3BFD7641211E6BEDCC317AD10F2819143355ECC0687642DD5DC6704F7DB6C7EB644B13CF5568C24B9D6526EC8A5B18578
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:(...FJ7.oy retne.........................qV.../.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):48
                                                                                                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:bKVR0ETU5+:mV9TU5+
                                                                                                                                                                                                                      MD5:DA782558B7ACE8FE5FA516D212FA8AB7
                                                                                                                                                                                                                      SHA1:BB99D6F9F37D3DF233C02CFD63359E705A40CBED
                                                                                                                                                                                                                      SHA-256:A96CE678FA706ECE91C67FCE2819C2FD8EC0503477B546EDC8E1133BF6B64F0E
                                                                                                                                                                                                                      SHA-512:FC02F3D6B4FE28AE62C616A282E5FFD3BFD7641211E6BEDCC317AD10F2819143355ECC0687642DD5DC6704F7DB6C7EB644B13CF5568C24B9D6526EC8A5B18578
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:(...FJ7.oy retne.........................qV.../.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):270336
                                                                                                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8192
                                                                                                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):262512
                                                                                                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:LsFl0lWtl:LsFK2
                                                                                                                                                                                                                      MD5:AA4F4A68B348259216C8253C83BE5858
                                                                                                                                                                                                                      SHA1:BD0FCD6EDDAEA7B823B2B44ABE77E719B00B979C
                                                                                                                                                                                                                      SHA-256:0F35170E956386477D6F3D09CBE39DBCF1499B10E991EE2BD921E07A11E0A3A9
                                                                                                                                                                                                                      SHA-512:5F71967DEC73217DBF69C07EE13B7FE967AB8DE8AE2A98110548D9A142C210EA1439A63D15736372905C4E66B67979932E7696D60929E00D6A8318EB18120457
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MANIFEST-000001.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):391
                                                                                                                                                                                                                      Entropy (8bit):5.2140771414847515
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:iOLXBJ6q1CN23oH+TcwtzjqEKj3K/2jM8B2KLlBXBAP3+q2PCN23oH+TcwtzjqE0:7LxdYebvqBvFLPxbv1YebvqBQFUv
                                                                                                                                                                                                                      MD5:6DE753DCC0804FF3DE9B5AF5ACC5EBF1
                                                                                                                                                                                                                      SHA1:A3231FAC7E7C26B4EF18C7DD88F08317D1CAD760
                                                                                                                                                                                                                      SHA-256:8D2BB7CEF25E51FED5E3136B79DB59F579BDAA51D980F821DC96D60FFF936759
                                                                                                                                                                                                                      SHA-512:4D4C85C1E1B5CC9A6453D2181BE0B5FF20F9E2AA6CB79EDB515877423F306DC8BD7ADBE1F8F8955047A0834400AD73607680E50330AFA45D2BD16B74867BA547
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:2025/01/04-18:21:31.159 118 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb since it was missing..2025/01/04-18:21:31.723 118 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):59
                                                                                                                                                                                                                      Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:YLbkVKJq0nMb1KKqk1Yn:YHkVKJTnMRKXk1Yn
                                                                                                                                                                                                                      MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
                                                                                                                                                                                                                      SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
                                                                                                                                                                                                                      SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
                                                                                                                                                                                                                      SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2095
                                                                                                                                                                                                                      Entropy (8bit):6.260155942446524
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:ika17NpmKOTWzdTYRV+ETlht4l9EpmPL1lyTJosliqDfpmPL1lE6TJ3:ika15pROTWzqRAqlP4lepwxlIosl3fpC
                                                                                                                                                                                                                      MD5:D99636936FF222D9E90153B20C6982D7
                                                                                                                                                                                                                      SHA1:1C0D9F1D6C0B6F2F3DDEBEA9F7F2D917FB42EE42
                                                                                                                                                                                                                      SHA-256:FE6F992A56E4CC90AA536B14AB6B7C4FDD67C28232FF13D3F5CA8812A26D0757
                                                                                                                                                                                                                      SHA-512:461D1D0B1CC651E95B5FBB1FA80EB4A2E7F7CB5A62C3CCC07B40F96861B73D63E4AE76FB9A515172A54278CC3947EDD1CBE490A6A952B28E4E5F71626F6A7A3E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:...n'................_mts_schema_descriptor.....F..................F.................3k.)................device_info-GlobalMetadata@.........J..|..... .*.oQxBx3XB+LeESt8u9/Z/2A==2.000340011677ED77.'device_info-md-oQxBx3XB+LeESt8u9/Z/2A==]..O9Y4QRTO52yAtnmJvgDmbxgG0y4=.. .(.0..........8...../@...../J.Fo0ZVE38AhfYdxChT37PSoU+O9U=R..'device_info-dt-oQxBx3XB+LeESt8u9/Z/2A==....oQxBx3XB+LeESt8u9/Z/2A==..To Be Filled By O.E.M..."QChrome WIN 93.0.961.52 (55ddfa3ef850523eea11b31f81b5facebd8934c3) channel(stable)*.93.0.961.52:$d14a0d0c-703a-47a1-a1a4-158e21707eb4@...../J...Z.To Be Filled By O.E.M.b.To Be Filled By O.E.M.h..r..........93.0.961.52$nd i................device_info-GlobalMetadata@.........J..|..... .*.oQxBx3XB+LeESt8u9/Z/2A==2.000340011677ED77.b.Z................'device_info-md-oQxBx3XB+LeESt8u9/Z/2A==}..O9Y4QRTO52yAtnmJvgDmbxgG0y4=.$4825df59-2fc2-4a0b-a2d5-569bbcb87906.. .(.0...../8...../@...../J.Fo0ZVE38AhfYdxChT37PSoU+O9U=..device_info-GlobalMetadata@.........J..|..... .*.oQxBx3X
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):328
                                                                                                                                                                                                                      Entropy (8bit):5.167612750717563
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:iOLXBAlNAVq2PCN23oH+TcwtpIFUtRXBAlNAgZmwPXBBAIkwOCN23oH+Tcwta/Wd:7LxZv1YebmFUtRxk/Pxh5eYebaUJ
                                                                                                                                                                                                                      MD5:33915E2A37633AAD39B39181D198B5C8
                                                                                                                                                                                                                      SHA1:047C3F343180300F095BA68C5A38E874E2DB8E3F
                                                                                                                                                                                                                      SHA-256:4F5698DFDF09B39CE5E9581DA6B4CFE7CE07F68FFE1B6CF52E1CDC977BF48FFA
                                                                                                                                                                                                                      SHA-512:18674DB0956E223BA1498071B13679AD1DBB0A3BBAEBF754AEE867D7AEAE561262FC6C65AC95B16E0A270E0C8400F5556A761B891E70655A95919476C6AE2288
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:2025/01/04-18:21:30.820 1440 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/01/04-18:21:30.820 1440 Recovering log #3.2025/01/04-18:21:30.821 1440 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 8, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):122880
                                                                                                                                                                                                                      Entropy (8bit):1.127558825945373
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:sV+4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6:sV+4n/9p/39J6hwNKRmqu+7VusE
                                                                                                                                                                                                                      MD5:5397F1C0BC53C6833D69F56B5B002013
                                                                                                                                                                                                                      SHA1:57523CB0AB939296AA859BD125253E80D5FE822B
                                                                                                                                                                                                                      SHA-256:E2E2B200BCB54D55D8798BF335D33AEF327A5229835FE3ED70A8245F88F339DC
                                                                                                                                                                                                                      SHA-512:A9E7687DD7160D0F2FE38784AF8BAB90D270F532230DA6CB9E32F785ED8F08D6D823624A604867EDBE1CFFC8DB26C29751A9B80FC0E1D6680E5612E256FCC791
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):7894
                                                                                                                                                                                                                      Entropy (8bit):4.956593607486859
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:s7oTNk9jPcAWMdkrOouYI3+YJuRhi7jrnhlI:s7oTNk9jPcAWMdGOoVISgrI
                                                                                                                                                                                                                      MD5:A95977E7B7FC0FA4EC3B2E0F62A93CF2
                                                                                                                                                                                                                      SHA1:4F9BCB043EA9AF90344C742A8DDA929E7620BDAF
                                                                                                                                                                                                                      SHA-256:94D37DF21890E32A7CAA76D875CCD42BE1E19ACF9023B9FF0BF47F5391F9B4DC
                                                                                                                                                                                                                      SHA-512:20F9D6EA3A4DF99EBA6373FC2501171799F0B1F0DFB332F7D7CDD4B769D9BC09C06B08173541231E5AC7D537497CB9F153E091A1615A152A35868EA47B261279
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_info":[],"account_tracker_service_last_update":"13380506491038307","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles":{"browser_name":6,"is_AutoFillFormData_imported":true,"is_Cookies_imported":true,"is_Extensions_imported":true,"is_Favorite_imported":true,"is_History_imported":true,"is_Payments_imported":true,"is_SavedPasswords_imported":true,"is_Settings_imported":true,"source_path":"C:\\Users\\user\\AppData\\Local\\Packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default"}},"imported_default_search_engine":"https://www.bing.com/search?q={searchTerms}&FORM={referrer:source}"},"autocomplete":{"retention_policy_last_version":94},"autofill":{"orphan_rows_removed":true},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"time_of_last_norm
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):9000
                                                                                                                                                                                                                      Entropy (8bit):4.994257462742733
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:18XcUTNk9jPcAWMdkxoouYI3+YJuRhFeB/NhK9:2cUTNk9jPcAWMdaooVIS/me9
                                                                                                                                                                                                                      MD5:3CB1586353968B52F028A678ED76E36E
                                                                                                                                                                                                                      SHA1:CA5D7CF1919B126888AE487BEF587ABA56CFC4C9
                                                                                                                                                                                                                      SHA-256:14842C0CB079FF70AC52A3DDEB82275D34E792F24A8CF9E229C3755A7014B382
                                                                                                                                                                                                                      SHA-512:DA5462C205157B953A8A2D87430C910B2B09ED2701D2110EA6A9AA0BC8CAC303479B2E09B87B069E1B30B29FFE70565BE544944D0CBF2E3255A80EEDFA30F54A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"account_id_migration_state":2,"account_info":[{"account_id":"000340011677ED77","accountcapabilities":{"can_offer_extended_chrome_sync_promos":-1},"edge_account_age_group":3,"edge_account_cid":"8628dc546dc99469","edge_account_first_name":"Shahak","edge_account_is_test_on_premises_profile":false,"edge_account_last_name":"Shapira","edge_account_location":"CH","edge_account_oid":"","edge_account_sovereignty":0,"edge_account_tenant_id":"","edge_account_type":1,"edge_data_protection_type":0,"edge_is_data_protection_target":false,"edge_wam_aad_for_app_account_type":0,"email":"shahak.shapira@outlook.com","full_name":"","gaia":"000340011677ED77","given_name":"","hd":"","is_supervised_child":-1,"is_under_advanced_protection":false,"last_downloaded_image_url_with_size":"","locale":"","picture_url":""}],"account_tracker_service_last_update":"13335737597040910","alternate_error_pages":{"backup":true},"anaheim_import":{"auto_imported_details":{"imported_time":"Wed Sep 22 11:33:08 2021\n","profiles
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:MS Windows icon resource - 8 icons, 16x16, 32 bits/pixel, 20x20, 32 bits/pixel
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):71757
                                                                                                                                                                                                                      Entropy (8bit):6.771708343960135
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:vAlMWz7vLDtDSVlXXwpFlorgLUxF+D4n6owPFCawP/:vvuWAUxFaoGw/
                                                                                                                                                                                                                      MD5:E5E3377341056643B0494B6842C0B544
                                                                                                                                                                                                                      SHA1:D53FD8E256EC9D5CEF8EF5387872E544A2DF9108
                                                                                                                                                                                                                      SHA-256:E23040951E464B53B84B11C3466BBD4707A009018819F9AD2A79D1B0B309BC25
                                                                                                                                                                                                                      SHA-512:83F09E48D009A5CF83FA9AA8F28187F7F4202C84E2D0D6E5806C468F4A24B2478B73077381D2A21C89AA64884DF3C56E8DC94EB4AD2D6A8085AC2FEB1E26C2EF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1
                                                                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2491
                                                                                                                                                                                                                      Entropy (8bit):5.025594632492727
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:YPj1f4Vr8KVNkGkXX6VVks0LtpsA19rnL9crbJ/anUJaYPI7xaMGH1oB+Cm7:KtoGX6VVOZpsAzrLOrMn3YPo0MG6+Z7
                                                                                                                                                                                                                      MD5:24275A126BD3A45A83DA31C26FE01294
                                                                                                                                                                                                                      SHA1:8F025140A70E9E7AEAE6834EC1B50355EAA79B21
                                                                                                                                                                                                                      SHA-256:9E4712F760581958A0267A5B70D1A1706ACE48566FF99701DCC9CF81043EE669
                                                                                                                                                                                                                      SHA-512:7F2582C4CADE8227E6BCE71584E503D833FE0C5C66EB0F5900B0D071B419D05B8402584201498BDFD107F697DF80AC6FD23C345367C5868D919DE928CF7B7600
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"edge":{"services":{"last_account_id":"","last_username":""}},"extensions":{"settings":{}},"prefs":{"preference_reset_time":"13380506490625502"},"protection":{"macs":{"browser":{"show_home_button":"904452986128BBEE5A7B1FFB8F342100C3150E3D9FD76C4105DF33EB021E22FD"},"default_search_provider_data":{"template_url_data":"575D258E47F940C6887685ABA99A5839CBFE4BA30863349DFE0D0C375AAB8816"},"edge":{"services":{"account_id":"D456A886A0DBE318CF511789EB70CFBEB8B3E35DA05B44245AFA153CF2527082","identity":{"schema":"50E673A6E3700B5431DD5887049F3271B5C2BEA02D53D968CBD61D36F54D9292"},"last_account_id":"6A5B5A031791B5A5FA7238C8E3FDD8A324CC8F19F63EAD5B2E896B84A5786B51","last_username":"AEEC085E5852B256515B8A4CA04B9576AB6B11591758E5AF201224060FD694E8"}},"homepage":"B1E9FE8108A84F532486D13AAC43C0AFDA16D3DFC9EB2F743AEE11F89F2F163E","homepage_is_newtabpage":"3680F776D17E3C099431BAF5381FAB9BCC0C2C70FEA4C74D12324BC94A207119","media":{"cdm":{"origin_data":"CE16C9485175ED827C5B13C2EE9BFCEDDD3444AF290CF59B851C1B
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:1sjgWIV//Rv:1qIFJ
                                                                                                                                                                                                                      MD5:6752A1D65B201C13B62EA44016EB221F
                                                                                                                                                                                                                      SHA1:58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
                                                                                                                                                                                                                      SHA-256:0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
                                                                                                                                                                                                                      SHA-512:9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MANIFEST-000004.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47
                                                                                                                                                                                                                      Entropy (8bit):4.3978967670691205
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tQKVUUfXBvbSG1Zmwvn:iOLXBvbXZmwv
                                                                                                                                                                                                                      MD5:C37BAA6FAD1D0C2875B6DB111C9BACEB
                                                                                                                                                                                                                      SHA1:B362FAB6838109C9E5077AC17D84C500D2A53547
                                                                                                                                                                                                                      SHA-256:4A15249D71315940B204E64CFD424D35284643065C9C8F187B5FED4D4FED03AE
                                                                                                                                                                                                                      SHA-512:4E6C32F5E3EE81892BC248F9F3B5B95961BB0960B77BF5330701057B73EA207E7E0B8EF9F4D818B6089867AEF377983643C5E875B4E954A54D4CDFCAFAA5F8A2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:2025/01/04-18:21:33.830 15b0 Recovering log #3.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):47
                                                                                                                                                                                                                      Entropy (8bit):4.3978967670691205
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:tQKVUUfXBvbSG1Zmwvn:iOLXBvbXZmwv
                                                                                                                                                                                                                      MD5:C37BAA6FAD1D0C2875B6DB111C9BACEB
                                                                                                                                                                                                                      SHA1:B362FAB6838109C9E5077AC17D84C500D2A53547
                                                                                                                                                                                                                      SHA-256:4A15249D71315940B204E64CFD424D35284643065C9C8F187B5FED4D4FED03AE
                                                                                                                                                                                                                      SHA-512:4E6C32F5E3EE81892BC248F9F3B5B95961BB0960B77BF5330701057B73EA207E7E0B8EF9F4D818B6089867AEF377983643C5E875B4E954A54D4CDFCAFAA5F8A2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:2025/01/04-18:21:33.830 15b0 Recovering log #3.
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:MPEG-4 LOAS
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):50
                                                                                                                                                                                                                      Entropy (8bit):5.028758439731456
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Ukk/vxQRDKIVmt+8jzn:oO7t8n
                                                                                                                                                                                                                      MD5:031D6D1E28FE41A9BDCBD8A21DA92DF1
                                                                                                                                                                                                                      SHA1:38CEE81CB035A60A23D6E045E5D72116F2A58683
                                                                                                                                                                                                                      SHA-256:B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
                                                                                                                                                                                                                      SHA-512:E994CD3A8EE3E3CF6304C33DF5B7D6CC8207E0C08D568925AFA9D46D42F6F1A5BDD7261F0FD1FCDF4DF1A173EF4E159EE1DE8125E54EFEE488A1220CE85AF904
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:V........leveldb.BytewiseComparator...#...........
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1335
                                                                                                                                                                                                                      Entropy (8bit):4.874937409709386
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:Y2tJ3aJ3as2qhVsataesaoRdsRzydMHD2sRBydMHDU3RdsRjdMHND07n7:Y2fqJqs2qhVVMeVgsR8MHisRyMH6sRhh
                                                                                                                                                                                                                      MD5:C1A927407535BD2ABAE5B12CF888CE3D
                                                                                                                                                                                                                      SHA1:627127B8B112CAE52AE84DF2C32CC645976C2956
                                                                                                                                                                                                                      SHA-256:CD9E872195611224ECEA1AB1049939FD71041756F15D52B3F98401BF39A5B1E2
                                                                                                                                                                                                                      SHA-512:C85CD9BD433081C59F834C6BCED07E7B1B1945A72157E0FE40F4DA66BE5F3CEAC9B11364F82CB8634BE85C0C38391321E364A68637031B2C363AD9BBB0BDA1ED
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://edge.activity.windows.com","supports_spdy":true},{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true},{"isolation":[],"server":"https://dns.quad9.net","supports_spdy":true},{"isolation":[],"server":"https://prod.rewardsplatform.microsoft.com","supports_spdy":true},{"isolation":[],"server":"https://substrate.office.com","supports_spdy":true},{"isolation":[],"server":"https://edge.microsoft.com","supports_spdy":true},{"isolation":[],"server":"https://arc.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13335831198055056","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":10404},"server":"https://th.bing.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13335831198559246","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":10404},"server":"https://www.bing.com","supports
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                                                                      Entropy (8bit):0.03787681189878535
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Gtl5/8JB8CAxDqJ+l/tl5/8JB8CAxDqJRkRa9//9lnl/telfl6ll:Gto1J+tto1Ji89XHl/c
                                                                                                                                                                                                                      MD5:CA8AE5FFFD51A409EA4760C262153808
                                                                                                                                                                                                                      SHA1:42AF5F900F8CAF71D5025BD19A40BCBE5D8B8A4F
                                                                                                                                                                                                                      SHA-256:C233F1F14938F82D5B14EF4B9903082D11867ED31574759A1168D2C65BDEA2DF
                                                                                                                                                                                                                      SHA-512:7C359AA4DACCFD73A679668B52CE306DF12E36B4BD40F81F8787883FA1784E57F8CE0AB44BB17D6BE37A7AC7A0D0F2D317AC0ED53D31E01855CD844DF343AAC8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16512
                                                                                                                                                                                                                      Entropy (8bit):0.6246983549868028
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:KiX+WUSiT/e+s6kxt6hzWUCh7qd1+sLt3IA:JXHUZTG+s6k+hCUCtqP+sLyA
                                                                                                                                                                                                                      MD5:3847901BFC67863FC0F5FFB05D126698
                                                                                                                                                                                                                      SHA1:1FF502EE7AC4A04975BCE3DE57579D9101352E94
                                                                                                                                                                                                                      SHA-256:2A31A018409782642907B41607F4699644DBD20FC5CCA26E2B1B819541CE9806
                                                                                                                                                                                                                      SHA-512:E3EBCDF3A0C66CC4A5B8FEA32734212B01B5BD7E4F774B2A5B0AA8C6E2CE7517848CC9639BF153B4F9CCFC21E7D3BA4592988967761CF96BDA38DAA0B6AFD007
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):321
                                                                                                                                                                                                                      Entropy (8bit):5.232833620465993
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:iOLXBkvq2PCN23oH+TcwtfrK+IFUtRXBkiZmwPXBk1FkwOCN23oH+TcwtfrUeLJ:7Lxkvv1Yeb23FUtRxki/Pxk1F5eYeb3J
                                                                                                                                                                                                                      MD5:DAB579EA3638C82D42208D38049A119F
                                                                                                                                                                                                                      SHA1:BFEB9463020A1434C7FF4227B1AF012DCDF17A97
                                                                                                                                                                                                                      SHA-256:90EA2026E7F0AFBB1D0EB544977AEC3B59E0789993C05160AF767F99D7834E8B
                                                                                                                                                                                                                      SHA-512:520181D323BCAC19C3477DD6139E25B7B98580DFEE1A1AB5E4BCEB1FB9D0EB311C823644F5443974A7901069AA9FAE028094B2EBBB860FBEAB4F5E68422B89A4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:2025/01/04-18:21:31.063 714 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2025/01/04-18:21:31.063 714 Recovering log #3.2025/01/04-18:21:31.064 714 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):482
                                                                                                                                                                                                                      Entropy (8bit):3.9553035680156614
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:G0Xtqcsqcva3mF2lHSenmF2lH+l1m8Bc3mtD4tmF2llemF2lq3m8qPmt761m9yKJ:G0nYvaZyGVC43oqn624Mtxjx4s
                                                                                                                                                                                                                      MD5:1D57238A387C249ABAB62C1D7D17C8C0
                                                                                                                                                                                                                      SHA1:C0B2F6FD2B7584B216018F8D90D88C8F4D4AC3BB
                                                                                                                                                                                                                      SHA-256:AF7A0E2C082701BA6DEE265F40590BE9531914787C34F8A8767B7D70DCFE56B1
                                                                                                                                                                                                                      SHA-512:053B5690186BB190211DA9D38F6BF758AEB345AD3DD9381AB29A426989E9832EC99A23D8E3E10BCA6AB2DB3D79450AE9AB7E197638895D390D44106CD068DA3D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.h.6.................__global... .t...................__global... ....Q.................20_.........................20_......w...................19_.....u....................18_.........................20_...../...................20_......@C1.................19_......8lS.................18_........h.................21_.....<..[.................9_......~z..................21_.....r....................9_.....m...................__global... ....[.................__global... .
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):339
                                                                                                                                                                                                                      Entropy (8bit):5.208444848887585
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:iOLXBkjUMq2PCN23oH+TcwtfrzAdIFUtRXBkjU9ZmwPXBk46DkwOCN23oH+TcwtS:7LxkjUMv1Yeb9FUtRxkjU9/Pxk1D5eY/
                                                                                                                                                                                                                      MD5:89A23C996DA27DEC69F670F5A3CCB24F
                                                                                                                                                                                                                      SHA1:F0F9CB95FC4E5AFECD2C2696C7A6805B9C12B926
                                                                                                                                                                                                                      SHA-256:557311546F7581366FAE03067437EE4881476CB2C25807B617629469A90831E2
                                                                                                                                                                                                                      SHA-512:28D280442F72F107025EF3EC5A631DB19DD03A4E27B8430B4FDE00F8305999A502DB88FEBD2DC378E817B90FF16F1E7B4A52CB57364669F7E9037CB743EDDC01
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:2025/01/04-18:21:31.061 714 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2025/01/04-18:21:31.061 714 Recovering log #3.2025/01/04-18:21:31.062 714 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45056
                                                                                                                                                                                                                      Entropy (8bit):0.2975361124918859
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:dRdu/EiHyI+Ra82/CLFdR2vGD/SJ0Yvae5WkE8txuEyGkGTm4rkCdpWEEVVo0g8v:wx9F1IohSdesk9xXytGACtQVjmBa
                                                                                                                                                                                                                      MD5:22546422BF75A4EE30E03B69D90E9DF5
                                                                                                                                                                                                                      SHA1:665BF967C4CE9BC26542AFAEE4CD9438E07DE9A8
                                                                                                                                                                                                                      SHA-256:F3890059F6CE7F39CB1845DD919079680959F9FBBC72060DE39C2AC7B23C0434
                                                                                                                                                                                                                      SHA-512:F99679D0C48F4C79D01FAD662B8F9763214A8E4F523FBEC04F5889F948B2A5493812E17D8838DCE3059B0E578AABE918EFE65FADA1E336A274E2CFD3A21F93D2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):11
                                                                                                                                                                                                                      Entropy (8bit):2.59490661824394
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:gem3:gL3
                                                                                                                                                                                                                      MD5:E60DFE28E77A79CD2CAA4F53BD711995
                                                                                                                                                                                                                      SHA1:2A150938498D9778DAF21F87B3E52ABDD4084716
                                                                                                                                                                                                                      SHA-256:D5E1FB030857E079A8FD6811C81BF756D23CED9AF5DC299354C88F89B763415E
                                                                                                                                                                                                                      SHA-512:B2ED5D4C3EEB946C2C869988E227ACD771614D559E1C108578546AA919E74251B92C7A1241D5E113018AB20A4295BBBCC12B7C520FB1C13DB242EC1B02B74F43
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:94.0.992.31
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):14969
                                                                                                                                                                                                                      Entropy (8bit):5.626070102257229
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:U9iIuERzA83h09RZxeIcdv8y9mIKf+qNrB:/IuERzA83h09RZxav8y9mIKfHNd
                                                                                                                                                                                                                      MD5:A54D9B4C4C6BFD7B1A85DF43AC991843
                                                                                                                                                                                                                      SHA1:3DFFA3998546EFFE7EAC8457C2EB6C36FA0113B6
                                                                                                                                                                                                                      SHA-256:E4FC9895E47EEE99016D398432A64E420A82F83763079D51204745FDE0B0E8E2
                                                                                                                                                                                                                      SHA-512:8A497A47909B0652FC08906646C3AC505B49807E50BF29BFB47BD92A16E623800F314671E2DA3C7461E1F1ABAEE79EEE3B6DFCC529C5100883008A45C8A14033
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):40
                                                                                                                                                                                                                      Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                      MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                      SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                      SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                      SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):57
                                                                                                                                                                                                                      Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                      MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                      SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                      SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                      SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):14969
                                                                                                                                                                                                                      Entropy (8bit):5.626070102257229
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:U9iIuERzA83h09RZxeIcdv8y9mIKf+qNrB:/IuERzA83h09RZxav8y9mIKfHNd
                                                                                                                                                                                                                      MD5:A54D9B4C4C6BFD7B1A85DF43AC991843
                                                                                                                                                                                                                      SHA1:3DFFA3998546EFFE7EAC8457C2EB6C36FA0113B6
                                                                                                                                                                                                                      SHA-256:E4FC9895E47EEE99016D398432A64E420A82F83763079D51204745FDE0B0E8E2
                                                                                                                                                                                                                      SHA-512:8A497A47909B0652FC08906646C3AC505B49807E50BF29BFB47BD92A16E623800F314671E2DA3C7461E1F1ABAEE79EEE3B6DFCC529C5100883008A45C8A14033
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"abusive_adblocker_etag":"\"1632267943\"","browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"external_config_domain_actions":{"cdm_override":{"applications":[{"applied_policy":"OnlyExposePlayReady","domain":"sling.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tou.tv"},{"applied_policy":"OnlyExposeWidevine","domain":"maxdome.de"},{"applied_policy":"OnlyExposeWidevine","domain":"abc.com"},{"applied_policy":"OnlyExposeWidevine","domain":"tv.apple.com"},{"applied_policy":"OnlyExposeWidevine","domain":"la7.it"},{"applied_policy":"OnlyExposeWidevine","domain":"xfinity.com"},{"applied_policy":"OnlyExposeWidevine","domain":"watchtv.cox.com"},{"applied_policy":"OnlyExposeWidevine","domain":"ignitetv.rogers.com"
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):9472
                                                                                                                                                                                                                      Entropy (8bit):4.030075560847171
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:aoL4sh4jFYY4Rw6fzLzcR6R+oaeDowAOJ:am4yUFYFRw6/zcIIoagoGJ
                                                                                                                                                                                                                      MD5:BD0ADA3B29AF3C66DDDF22A65AA0C2B5
                                                                                                                                                                                                                      SHA1:DF69273809FD51AED1AE92B2F037B224D0504C59
                                                                                                                                                                                                                      SHA-256:C2BCB4FB1B4A055428F18EF580966FD790867E3D596BAE4D2E31EAA5375178D9
                                                                                                                                                                                                                      SHA-512:4714B1C9C75E66399DFFA4E7B992F708649CBA8FF1CC53ABFCC6DC07A985D8F7C1449164628F4AE1E870BCC83986730043EFE320E5DF548F1E0AF17E49693C67
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".R.k.K.I.3.d.B.9.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.w.I.h.U.d.j.
                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                                                                      Entropy (8bit):0.34726597513537405
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Nlll:Nll
                                                                                                                                                                                                                      MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                                                                      SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                                                                      SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                                                                      SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:@...e...........................................................
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1096
                                                                                                                                                                                                                      Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                      MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                      SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                      SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                      SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):9171467
                                                                                                                                                                                                                      Entropy (8bit):4.787763754813168
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:MZS6w9635kuWSo8RptCNlmfzJ626a6Z6h6myH6Eppl/:MLFNSd
                                                                                                                                                                                                                      MD5:D4800A73FD4D4F68D55317BF0012F891
                                                                                                                                                                                                                      SHA1:8106D44142E242717CF0FC062D0D2371563165CA
                                                                                                                                                                                                                      SHA-256:5A0B1E32CFA292CB49BCB63009EFFC5A5A6A1471EDDDA3B3CD2CAF83591ECA43
                                                                                                                                                                                                                      SHA-512:54616E34185C52930D20D825130CF14BE0035E632836800F5DF815CB54CE1D4592A42051818C02C317F14EA478060193EB3069FFD86FC1F66C80DFC1F994745E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title">Credits</span>.<a id="print-link" href="#" hidden>Print</a>.<div class="open-sourced">. Chromium software is made available as source code. <a href="https://source.chromium.org/chromium">here</a>..</div>..<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):173936640
                                                                                                                                                                                                                      Entropy (8bit):6.736875593239721
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1572864:43g4ABgGo8IOghrKu55SywCkfhjkqmgEiWQD8ObMHNEuzOLswR8sg8xboxPHlCY1:/1ROr7Gw3j
                                                                                                                                                                                                                      MD5:19A61DB800E68F1BCB442D9B2531E6BC
                                                                                                                                                                                                                      SHA1:8DB886403CCE76625864D0BAA9633FFE7AB1A1B5
                                                                                                                                                                                                                      SHA-256:9334EDFD32548B49F53584139B06A68500BF46B54BA6B36A2E23FE4E1BAB6027
                                                                                                                                                                                                                      SHA-512:AF7AAB592541EFAF905DE683B65C99D8FB9A478380FEF503F8EB2DA5A8E65346C52021A7A988CD1AFF7F2BC8AFEDE9CC7A63A92FA9F93E02C4A6C06EB415FA67
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....~:e.........."......~~..f......P.k........@..........................................`.............................................TT..Ya..T............B.4.D..........`..x{..........................h...(.....~.@...........0w...............................text....}~......~~................. ..`.rdata........~.......~.............@..@.data...PFE......"..................@....pdata..4.D...B...D.................@..@.00cfg..0............nK.............@..@.gxfg....B......D...pK.............@..@.retplne..... ........K..................rodata......0........K............. ..`.tls.........P........K.............@...CPADinfo8....`........K.............@...LZMADEC......p........K............. ..`_RDATA..\.............K.............@..@malloc_h..............K............. ..`.rsrc................K.............@..@.reloc..x{...`...|....O.............@..B................
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):164116
                                                                                                                                                                                                                      Entropy (8bit):7.923076106829587
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:HzwJCGIekwQ6HBjO20FAXg6IL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:Hzw1IekgBjO2FQpK18Gb0OV8ld0GecQJ
                                                                                                                                                                                                                      MD5:23713A5587CBC1054B56C45F5EED7CB6
                                                                                                                                                                                                                      SHA1:12D8CB62CB6E259B29E196DFB74D8432C4B9359D
                                                                                                                                                                                                                      SHA-256:BEBC30BA7FC60C7B904FBAEA6E635652385408C79E19175DFAC7EB165E950900
                                                                                                                                                                                                                      SHA-512:9B4DBF5266952421EA99F7B32F36EB35475EAE3194ED00AE5E62D9F423865CA035DE27C9F0EE7C1EE40E0B6C84FB8C947EB912EEFFA2D9C1AC30BE7CE2863C28
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):248194
                                                                                                                                                                                                                      Entropy (8bit):7.950695016513651
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:PDQYaSN6svydgnWg0GpkQegx5GMRejnbdZnVE6YopSO4:UfSN6svyd6Wg0qI6edhVELoAO4
                                                                                                                                                                                                                      MD5:F3BA5BD3A7ACF1BA147F7E57C3D21CE8
                                                                                                                                                                                                                      SHA1:49D432820C0BD9801BA1E497E1C03DB785EA96E3
                                                                                                                                                                                                                      SHA-256:598738DE159E686C348BD1F0B75C82BB444C2B1BD3A6C9C6027CB960DDDAF63A
                                                                                                                                                                                                                      SHA-512:256791115B9ABF4E4817B1D18109ED566B444766E2A2C7678069FD3261158E956C0D6344A3D256EAEDED7DBCEB6E75E669E7A7862B6BAED8CE2A31748B206683
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4916712
                                                                                                                                                                                                                      Entropy (8bit):6.398049523846958
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                                                                                                                                                                      MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                                                                                                                      SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                                                                                                                      SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                                                                                                                      SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                      • Filename: SalmonSamurai.exe, Detection: malicious
                                                                                                                                                                                                                      • Filename: SalmonSamurai.exe, Detection: malicious
                                                                                                                                                                                                                      • Filename: NativeApp_G5L1NHZZ.exe, Detection: malicious
                                                                                                                                                                                                                      • Filename: CapCut_12.0.4_Installer.exe, Detection: malicious
                                                                                                                                                                                                                      • Filename: CapCut_12.0.4_Installer.exe, Detection: malicious
                                                                                                                                                                                                                      • Filename: AyqwnIUrcz.exe, Detection: malicious
                                                                                                                                                                                                                      • Filename: nanophanotool.exe, Detection: malicious
                                                                                                                                                                                                                      • Filename: 9VbeqQbgU4.exe, Detection: malicious
                                                                                                                                                                                                                      • Filename: 9VbeqQbgU4.exe, Detection: malicious
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|3..]...]...]..e\...]...\.5.]..e...]..wX...]..wY...]..e^...]..eX.y.]..eY...]..e]...]..eU./.]..e....]..e_...].Rich..].................PE..d...^.}`.........." ......8..........<).......................................K.....:FK...`A........................................`%G.x....(G.P.....J.@.....H.......J..%....J.....p.D.p....................S<.(...pR<.@............S<.(............................text.....8.......8................. ..`.rdata...F....8..P....8.............@..@.data...`....@G......@G.............@....pdata........H......@H.............@..@.rsrc...@.....J......@J.............@..@.reloc........J......PJ.............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22052864
                                                                                                                                                                                                                      Entropy (8bit):6.533287810009358
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:196608:t88wi5NIJpjkPmJU1cbrmgPS9lb0yZV+mzxPBdTpDdK6NLNfD0EfX:m0PIjVb49lb0yZV+mzhBdNDQyL5DHfX
                                                                                                                                                                                                                      MD5:6FE9B96ABEF9D3CD5BBAB1FDCDD9B041
                                                                                                                                                                                                                      SHA1:E6E8F72D6B3BB975C8557780F8D3A8B3EA8C53F5
                                                                                                                                                                                                                      SHA-256:B63145DCB330466A4C3B1516B79FB41E40E21225219A2A12A6764DC9ED749E26
                                                                                                                                                                                                                      SHA-512:80DE095D50B9DFBEC5F5AC1EB7B177A1E68AF70B432FF08F7E9F55D98413C724ECFAB5371BC8FC73B1A3BE83FD073826FDB24104EB1B65EC588AE9350E45EB3B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....~:e.........." ..........G..............................................PQ...........`A..........................................".p...H.".x.... P.......E..............0P.......!.......................!.(.......@...........p."..............................text...6........................... ..`.rdata....<.......<.................@..@.data...,.....E..n....D.............@....pdata........E......NE.............@..@.00cfg..8.....O......0O.............@..@.gxfg....0....O..2...2O.............@..@.retplne......O......dO..................tls..........P......fO.............@..._RDATA..\.....P......hO.............@..@.rsrc........ P......jO.............@..@.reloc.......0P......nO.............@..B................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1508320
                                                                                                                                                                                                                      Entropy (8bit):6.5008958859073855
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r
                                                                                                                                                                                                                      MD5:CB72BEF6CE55AA7C9E3A09BD105DCA33
                                                                                                                                                                                                                      SHA1:D48336E1C8215CCF71A758F2FF7E5913342EA229
                                                                                                                                                                                                                      SHA-256:47FFDBD85438891B7963408EA26151BA26AE1B303BBDAB3A55F0F11056085893
                                                                                                                                                                                                                      SHA-512:C89EEBCF43196F8660EEE19CA41CC60C2A00D93F4B3BF118FE7A0DECCB3F831CAC0DB04B2F0C5590FA8D388EB1877A3706BA0D58C7A4E38507C6E64CFD6A50A0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@AC.. -.. -.. -.OX).1 -.OX... -.OX(.. -.VU(.. -..R,.. -.. ,.. -.OX$.. -.OX-.. -.OX.. -.. ... -.OX/.. -.Rich. -.................PE..d...'..}.........." ........."...............................................@......H.....`A............................................l...l...P............`..t........%... .......o..p....................o..(....m..@............................................text...\........................... ..`.rdata..F...........................@..@.data....{.......T..................@....pdata..t....`......."..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2876416
                                                                                                                                                                                                                      Entropy (8bit):6.709900740965214
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:1eTZNTGSy5FwVA7VYV6vUFpt6MiXiPbff6yfb7BrYE9ynTIgHYZozh:1e3a6j6M70MiXKOIg40
                                                                                                                                                                                                                      MD5:6223533C300AB4552C933D0317E6AC5D
                                                                                                                                                                                                                      SHA1:E3A47CC14E09BAFA601B48049D4B69A2A7EB0557
                                                                                                                                                                                                                      SHA-256:94336FA0E27041E16A30CC44DF45C79A679B07892F5A06B00FF0E69B2B75C7DC
                                                                                                                                                                                                                      SHA-512:921411DC827FBE29C18B5BAEF2B2F1987805F70A68960F8A4CFA0D4E5D2E0E6CD91282D0961452C9035A731633A0AA2380B7D3FF5CD4F0C46A35E93825AF51F1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):10717392
                                                                                                                                                                                                                      Entropy (8bit):6.282534560973548
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:196608:hpgPBhORiuQwCliXUxbblHa93Whli6Z86WOH:n8wkDliXUxbblHa93Whli6Z8I
                                                                                                                                                                                                                      MD5:E0F1AD85C0933ECCE2E003A2C59AE726
                                                                                                                                                                                                                      SHA1:A8539FC5A233558EDFA264A34F7AF6187C3F0D4F
                                                                                                                                                                                                                      SHA-256:F5170AA2B388D23BEBF98784DD488A9BCB741470384A6A9A8D7A2638D768DEFB
                                                                                                                                                                                                                      SHA-512:714ED5AE44DFA4812081B8DE42401197C235A4FA05206597F4C7B4170DD37E8360CC75D176399B735C9AEC200F5B7D5C81C07B9AB58CBCA8DC08861C6814FB28
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):478208
                                                                                                                                                                                                                      Entropy (8bit):6.347615495434683
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:O8vfPFlvIomFGAlhralH6ofMNvF/r467Us6:O+1lvDMGAlhrAS1r4HX
                                                                                                                                                                                                                      MD5:6B974DA2331647B01E32E438481B1168
                                                                                                                                                                                                                      SHA1:44342DE39334B6BDACE4E41574A12D12B1FCEEFB
                                                                                                                                                                                                                      SHA-256:0BF8B76DA4EE066028F6DD29D6187D66029DD42256C9FFFCA376C397F1FE6224
                                                                                                                                                                                                                      SHA-512:76FF196F0E410B2496D98E803DE26A33456224A645A9E8B306428CBBE7775379FBFA2D6141D7D9F7A3B92E81B279C442B6AAF91890A2A92A38219CB8B6384870
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):7628288
                                                                                                                                                                                                                      Entropy (8bit):6.4818122553892525
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:ROgcDZUZuebM3uTiJAELjFC6YC2qyJFCoGkAp8UDw3XdCH:TXbMTyELjT2T9Xd0
                                                                                                                                                                                                                      MD5:F60247C298B280124A8D7705153B82C9
                                                                                                                                                                                                                      SHA1:4887CD33F66B8237CC427F5C5286AB5E8CDA6583
                                                                                                                                                                                                                      SHA-256:3E1084D0904D02D80FFD1039D0F6F9AF83771950A48D082AF438A4F018817838
                                                                                                                                                                                                                      SHA-512:0B40B6D06E01C46381169DFBB9154CCFFD9A9FB3F14D6C3EF9CCD2CAD9F1993AE8667630044BB57D3D837E405933233FBA8C2A6F8714C1FCB11FA14668DC04EC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5490791
                                                                                                                                                                                                                      Entropy (8bit):7.995643167540278
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:98304:jWl9sXMTWPVcz+cd312MEqUdgpEGh1SK/P3UyoMLX5urwrAs9svQAqBDjhEfz3hr:jWTsXMydB831EqXhMK/P6kX5ukr1AYDS
                                                                                                                                                                                                                      MD5:1F8CC7B280B1BA74E784B2FF7CF74F95
                                                                                                                                                                                                                      SHA1:602CF5248E8C47D803480B1BF21A674E4D22D2B9
                                                                                                                                                                                                                      SHA-256:8B6EFFC81CFB127E62C4D89681DC5764DB013429769D792A25588773C8834697
                                                                                                                                                                                                                      SHA-512:4F8FE54BC3B80F40745844656895261AF11D96800DD5B472065867F88BFD78AE5D7754709FF566B79E6F75257E2685153E2EFCDAE46D95753A30EE3E48870A49
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):272982
                                                                                                                                                                                                                      Entropy (8bit):4.234290196619715
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:EfEczYp4bhaz8L97I+sTDqFCDx8MayiOCY7nf4ZAqi:EfNzHbhaM1I1I6813OCQ
                                                                                                                                                                                                                      MD5:08C765BF4BA4206CC16E99E123F57DFB
                                                                                                                                                                                                                      SHA1:498D5DD5FE194943E59E63F3135FBA893CA419F7
                                                                                                                                                                                                                      SHA-256:640A40221B1684C5EA7C4887ADBF64FE281A6DC5F3195002824A9193E7C10BCA
                                                                                                                                                                                                                      SHA-512:5278DB9E2B04E65CE6EC3FB3B3CD81DC37DC3DBA94E042634A71FAD0AFA8B11691B13F2BFC447FCBCD29D155C9F187CCEA672310FF44DAFC4400FF792B660DC6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):636225
                                                                                                                                                                                                                      Entropy (8bit):5.200768198034184
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:nmin78TFFswIRyWKeCi79t4LiysPkxuTGmv:nb72FAyWKeCi79mLiys8xGGmv
                                                                                                                                                                                                                      MD5:0FFBF3A05A1B056924081B7788FECF4B
                                                                                                                                                                                                                      SHA1:E29FC98F8FAE7BA7128F1E2C0F21F4FBA39026BC
                                                                                                                                                                                                                      SHA-256:4B259A5932453F5828CAC0BAD68B8639AC63F5078CEC1849711DC933B5A5DBE4
                                                                                                                                                                                                                      SHA-512:5C0B0D2ECCB87608E8F93F36A68BA3759E83C10E11F38C910ACB53E1003519AC5B9617A946AE0BD9DBDAAE7200FAD292FA71C2BC59622AC3951A68B3BFDA5D8C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5161984
                                                                                                                                                                                                                      Entropy (8bit):6.3620594803462724
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:i0RrhILSORs1a6fjFDye6GF6tr/sELa0xsEpm+PUdHuogL/1yVmHESrFo7Ta6CJS:LJhI+7OO+YoBksJP2Krhf3
                                                                                                                                                                                                                      MD5:739872A8FDFD9C979BC88BC40710BA00
                                                                                                                                                                                                                      SHA1:9A68890AFDDD899B09C084D2D50BBC3894FDDA74
                                                                                                                                                                                                                      SHA-256:EA3EB4945DC55DFD0022F43E8852290EF37421C68CDDEA02268509F2FB2F33B8
                                                                                                                                                                                                                      SHA-512:2AF3A229DC3422858927D98289B0FE2423F69C2EB10176A28FD4B5833E61D2B2F69E47C7844681F3127AD0CE1BEF4FE89DF39A1D81831C499339E8CEAFA8AC39
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....~:e.........." ......>...........6......................................PP...........`A.........................................!J.~...FAJ.P.....O.......M.le............O..}....I.......................I.(...@A>.@............EJ.P............................text...G,>.......>................. ..`.rdata.......@>......2>.............@..@.data...P.... K.......K.............@....pdata..le....M..f....L.............@..@.00cfg..8....PO.......N.............@..@.gxfg....-...`O.......N.............@..@.retplne......O......:N..................tls....Y.....O......<N.............@..._RDATA..\.....O......>N.............@..@.rsrc.........O......@N.............@..@.reloc...}....O..~...FN.............@..B................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):106
                                                                                                                                                                                                                      Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                      MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                      SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                      SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                      SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):948736
                                                                                                                                                                                                                      Entropy (8bit):6.590960354245508
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:OdN5R4voSsQpKFZODRx6Z5WdDYsH26g3P0zAk7uIk:8NZSsQp11x6Z5WdDYsH26g3P0zAk7uR
                                                                                                                                                                                                                      MD5:1F366A987240BDB065BCCABB6665D45F
                                                                                                                                                                                                                      SHA1:C1B8E62D6A8D963EDB4A60C662FDDDD86B727448
                                                                                                                                                                                                                      SHA-256:4B3FCD25A41E5F6677337089A99EE024DA510EAE75DFEFA52B496934A9553880
                                                                                                                                                                                                                      SHA-512:333F99AC95CF62F0112760C9898A90DBE9EE0930844038B53CB8308F10A5573ED258F3211EEE5FD280210E007BF0A40ACE4D4E1959A1BE728D7FD1D9E46BF8BC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....~:e.........." ......................................................... ............`A........................................h...<!...&..P................p..............L...............................(...@...@............*...............................text...{........................... ..`.rdata..............................@..@.data...(M....... ..................@....pdata...p.......r..................@..@.00cfg..8............6..............@..@.gxfg...P).......*...8..............@..@.retplne.............b...................tls.................d..............@..._RDATA..\............f..............@..@.rsrc................h..............@..@.reloc..L............l..............@..B................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 12587
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3280
                                                                                                                                                                                                                      Entropy (8bit):7.938673637935802
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:sqkKZz8Yel0T0Lep/NRoRl18zr9eAberZq:z0l0T0LvYr9Fbe1q
                                                                                                                                                                                                                      MD5:D1C42E18C3C565B93F63D1D3BD5354A4
                                                                                                                                                                                                                      SHA1:F70CFDCE1FD8DB93B7E4FA89FAE1D42F64516338
                                                                                                                                                                                                                      SHA-256:2E647EE00104BE49B63358AD01DA9D70AA32E36D56329663442B023B88806458
                                                                                                                                                                                                                      SHA-512:6522273071CB7F51EA7E8A86206814B4C9EFDD2F699DA5BF469062448E8E31C84D7567AA7F0AF7FB3E550238C8BB830555099EA2B97DB35469AEB807DBB7C685
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 121864
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):174560
                                                                                                                                                                                                                      Entropy (8bit):7.998398658634537
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:3072:vvYl520XQ6h55ze76F+23csIMciO6N0KokV2ZmhAjMVCnEgkezh:a52/6h3quH3cHMKKoc2yAKCEa
                                                                                                                                                                                                                      MD5:B705E30DC68D6D076786862B8A96D0F5
                                                                                                                                                                                                                      SHA1:C76C19A723F1B8492A3D38E89C3F1781E27EF13A
                                                                                                                                                                                                                      SHA-256:5F35EF858538EA0F410F8F886E0B04C520273B60EB5D74CE5DA9894B91C18C3C
                                                                                                                                                                                                                      SHA-512:3C55EE4CD74A8B8106CC129C3ABC86EF397A9819F4FDE251F2EDB416A447BDCFBE58E0B90190F6B38C9AAF03FEB4B8766A1493B5610DD4326D094624D21C9F87
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 43805
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):28748
                                                                                                                                                                                                                      Entropy (8bit):7.9918576871001425
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:384:SU7ZPeF1W3JgUrqaO/8dOcbwy59NjS5BMYGYycIfPhrVx2NtsEeSeFzVXe/rxd:H7peFkZL9RZSz3gnhhGcpXetd
                                                                                                                                                                                                                      MD5:2A37AD0EC191D53104BB46953AC6C43C
                                                                                                                                                                                                                      SHA1:FD23FFC5B7E4A6B45FBD88A486D15FAA51DC07AE
                                                                                                                                                                                                                      SHA-256:51F075EB69486CB23B32A0776782B4A1B2AF204429AB94510469E02B115E56CC
                                                                                                                                                                                                                      SHA-512:AEB91CB7902A800D7B0C43627EC2B52121BC41BA29A1B6ABEDBFCFA4802254A0594ED239EA7A3F8D40241E43D436428D1E4AC117BD97269D78460F82F9BDCF68
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):304
                                                                                                                                                                                                                      Entropy (8bit):3.351987889007718
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:vhjP1/tas4K5jP1/t9lojm9P1/t3EWVArn3td/tXXvK4KV3td/t9l4CluRmNtd/Q:5jaS5jg000WB/cVCmIfWSB8lC
                                                                                                                                                                                                                      MD5:10432660945CFF004942F8EDF3913148
                                                                                                                                                                                                                      SHA1:89EFCA3600757F10E92326C6489E00935A043945
                                                                                                                                                                                                                      SHA-256:A89A734C80D6CFCAB04E9FFA30BCD2C98B8EB7014CB21B7D437B8D0E8C9FB4B4
                                                                                                                                                                                                                      SHA-512:018730BF9830EE5CB993E0F154DA1F7AC101DC4E6C239BA79A65317D569BB6FD00E788F1518F05C99ADEE7CF7A42E897B20D230C1B45BD50FADEE7FDC91093F6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:PK..........$Z................Autofill/PK..........$Z................Cookies/PK..........$Z................Passwords/PK............$Z.........................A....Autofill/PK............$Z.........................A'...Cookies/PK............$Z.........................AM...Passwords/PK..............u.....
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 16707
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4015
                                                                                                                                                                                                                      Entropy (8bit):7.942829486244974
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:6qO65dFso15wMvxpjQsGOm04jp7VFt5luSMa7AAlUzb37:XH5ko1qMgcm0kV5dMdVzb37
                                                                                                                                                                                                                      MD5:157FA9B3914DCEF8DADF132F7C41682B
                                                                                                                                                                                                                      SHA1:4BF449A8772CA6591FECD5F85FF6230E68D1D0D2
                                                                                                                                                                                                                      SHA-256:0D0594A2FD1B90F179081B6261FEB6D113C99C81A854BC7418D7AFB935AF2F46
                                                                                                                                                                                                                      SHA-512:36445F35CE2D1756E56397A51D791D7C2B03C2D858A3E9A3385AF6DF9D1F664D8F21E11F5B71ABC399DB914CA2B947713A722E068269AA0B0FEE80A23EC44985
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):510
                                                                                                                                                                                                                      Entropy (8bit):6.42978340032349
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6:5jM2cOxIxISDq3Oh3FinuCHarlUtiC9b/PvtgS+8DjWDK8sLGCvRdu8te2cOVOx7:5ju6SDUbHeyFXO8S5s6C5HFO6SdG/g
                                                                                                                                                                                                                      MD5:6812CDCB5B21C9B58133F2FDD083C01A
                                                                                                                                                                                                                      SHA1:721312B9E38FD7EE4A75A12E5036F4AC1A3BA105
                                                                                                                                                                                                                      SHA-256:5B0F9296CC2A499E7E824DB11E4B7D8CC3088FC1D291F15631DD0B8CAFA4D014
                                                                                                                                                                                                                      SHA-512:7CC513DC0C5C9B9837CB40B558B9FC159299F1D4C973D6D26E0AE3F3A5AB7AC85A611C4F27F499862F169D02BDA482C46DBF0C9A17D7258A1DF38F2C9622413C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:PK..........$Z................chrome_default_Cookies.txtPK..........$Z..n.............edge_default_Cookies.txt...K.@....?.[...G.B...Y-T.|x...M+Hb1.m.x#..%.2..7.yo.Nq?...g.n+b....]4gm.....V.]......{&V._.7e<M...[7.n..*...f.c..;.i(...E.u...D.B.H..6.....gW.......A.A.%</.l.r.X,.xh6.8qSpeIAf C0.Q.'=?.......]G,..w.V....`.HJ. ."..HK..H.K.;.Fzb..PK............$Z..............................chrome_default_Cookies.txtPK............$Z..n.......................8...edge_default_Cookies.txtPK..............Z.....
                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                      File Type:Zip archive data (empty)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22
                                                                                                                                                                                                                      Entropy (8bit):1.0476747992754052
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:pjt/l:Nt
                                                                                                                                                                                                                      MD5:76CDB2BAD9582D23C1F6F4D868218D6C
                                                                                                                                                                                                                      SHA1:B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
                                                                                                                                                                                                                      SHA-256:8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
                                                                                                                                                                                                                      SHA-512:5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:PK....................
                                                                                                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 12280
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3110
                                                                                                                                                                                                                      Entropy (8bit):7.933903341619943
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:0MWjN1CDThRYxENcEvyGF/8WAr6Fv9MFghzqSl:0MWjN1gRYavR8WjMFQzqSl
                                                                                                                                                                                                                      MD5:A83A2746B84F1CF573B02965B72ED592
                                                                                                                                                                                                                      SHA1:85CC572D6F90029EB99AAFA56297D1BCA494313A
                                                                                                                                                                                                                      SHA-256:DF4B53C1C7C48E80753D4945E6EC7847084F51BF57F0ED9D341326C74651D6EC
                                                                                                                                                                                                                      SHA-512:C287F479EF572A06FF191C4E9A8A718507C97A2A45CB265D7DC65DD7922B80D36CE7660EC5D7EA9F3D1F1EF71C51C3E4F3D7973754F97A89B4F14D1B1FDE70DE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):476
                                                                                                                                                                                                                      Entropy (8bit):5.189118260209911
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12:3op0MCJjopYxVFPopYzhlnW/ppYxTpKopYxffBopYzAfWpYz3VPiSyZpYzR:BpV7nW/8TK3Qlhv
                                                                                                                                                                                                                      MD5:774EB4883EAA318A14B9F3AEAA857689
                                                                                                                                                                                                                      SHA1:9B328E05B60CE3304246416ADA890F8D94EE43B8
                                                                                                                                                                                                                      SHA-256:8802B35E77BC439C52CE277253058FD13B87C163419B49FCF287E5ACB3EF8804
                                                                                                                                                                                                                      SHA-512:410DDE6FC20834EAEC57CBE8A9595C7B6E7BFB847E9332324A449E66D3A19A871475DE040C80E5229AD5B03EA19A5417E746F46012338ABDE578C24C124814C5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:ntp.msn.com.FALSE./edge.FALSE.0._C_Auth...msn.com.FALSE./.TRUE.0._C_ETH.1.ntp.msn.com.FALSE./.FALSE.0.sptmarket.en-US||us|en-us|en-us|en||cf=8|RefA=19F5AB25BAD74D4DB73E1DDA8202D456.RefC=2025-01-04T23:21:32Z..msn.com.FALSE./.TRUE.0.USRLOC...msn.com.FALSE./.TRUE.0.MUID.0E06C04AE429629D26D5D520E545638F.ntp.msn.com.FALSE./.FALSE.0.MUIDB.0E06C04AE429629D26D5D520E545638F..msn.com.FALSE./.FALSE.0._EDGE_S.F=1&SID=1E333D217C816EE53657284B7DFB6F63..msn.com.FALSE./.FALSE.0._EDGE_V.1
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1096
                                                                                                                                                                                                                      Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                      MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                      SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                      SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                      SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):9171467
                                                                                                                                                                                                                      Entropy (8bit):4.787763754813168
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:MZS6w9635kuWSo8RptCNlmfzJ626a6Z6h6myH6Eppl/:MLFNSd
                                                                                                                                                                                                                      MD5:D4800A73FD4D4F68D55317BF0012F891
                                                                                                                                                                                                                      SHA1:8106D44142E242717CF0FC062D0D2371563165CA
                                                                                                                                                                                                                      SHA-256:5A0B1E32CFA292CB49BCB63009EFFC5A5A6A1471EDDDA3B3CD2CAF83591ECA43
                                                                                                                                                                                                                      SHA-512:54616E34185C52930D20D825130CF14BE0035E632836800F5DF815CB54CE1D4592A42051818C02C317F14EA478060193EB3069FFD86FC1F66C80DFC1F994745E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title">Credits</span>.<a id="print-link" href="#" hidden>Print</a>.<div class="open-sourced">. Chromium software is made available as source code. <a href="https://source.chromium.org/chromium">here</a>..</div>..<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):173936640
                                                                                                                                                                                                                      Entropy (8bit):6.736875593239721
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1572864:43g4ABgGo8IOghrKu55SywCkfhjkqmgEiWQD8ObMHNEuzOLswR8sg8xboxPHlCY1:/1ROr7Gw3j
                                                                                                                                                                                                                      MD5:19A61DB800E68F1BCB442D9B2531E6BC
                                                                                                                                                                                                                      SHA1:8DB886403CCE76625864D0BAA9633FFE7AB1A1B5
                                                                                                                                                                                                                      SHA-256:9334EDFD32548B49F53584139B06A68500BF46B54BA6B36A2E23FE4E1BAB6027
                                                                                                                                                                                                                      SHA-512:AF7AAB592541EFAF905DE683B65C99D8FB9A478380FEF503F8EB2DA5A8E65346C52021A7A988CD1AFF7F2BC8AFEDE9CC7A63A92FA9F93E02C4A6C06EB415FA67
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):164116
                                                                                                                                                                                                                      Entropy (8bit):7.923076106829587
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:23713A5587CBC1054B56C45F5EED7CB6
                                                                                                                                                                                                                      SHA1:12D8CB62CB6E259B29E196DFB74D8432C4B9359D
                                                                                                                                                                                                                      SHA-256:BEBC30BA7FC60C7B904FBAEA6E635652385408C79E19175DFAC7EB165E950900
                                                                                                                                                                                                                      SHA-512:9B4DBF5266952421EA99F7B32F36EB35475EAE3194ED00AE5E62D9F423865CA035DE27C9F0EE7C1EE40E0B6C84FB8C947EB912EEFFA2D9C1AC30BE7CE2863C28
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):248194
                                                                                                                                                                                                                      Entropy (8bit):7.950695016513651
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:F3BA5BD3A7ACF1BA147F7E57C3D21CE8
                                                                                                                                                                                                                      SHA1:49D432820C0BD9801BA1E497E1C03DB785EA96E3
                                                                                                                                                                                                                      SHA-256:598738DE159E686C348BD1F0B75C82BB444C2B1BD3A6C9C6027CB960DDDAF63A
                                                                                                                                                                                                                      SHA-512:256791115B9ABF4E4817B1D18109ED566B444766E2A2C7678069FD3261158E956C0D6344A3D256EAEDED7DBCEB6E75E669E7A7862B6BAED8CE2A31748B206683
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4916712
                                                                                                                                                                                                                      Entropy (8bit):6.398049523846958
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                                                                                                                      SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                                                                                                                      SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                                                                                                                      SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22052864
                                                                                                                                                                                                                      Entropy (8bit):6.533287810009358
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:6FE9B96ABEF9D3CD5BBAB1FDCDD9B041
                                                                                                                                                                                                                      SHA1:E6E8F72D6B3BB975C8557780F8D3A8B3EA8C53F5
                                                                                                                                                                                                                      SHA-256:B63145DCB330466A4C3B1516B79FB41E40E21225219A2A12A6764DC9ED749E26
                                                                                                                                                                                                                      SHA-512:80DE095D50B9DFBEC5F5AC1EB7B177A1E68AF70B432FF08F7E9F55D98413C724ECFAB5371BC8FC73B1A3BE83FD073826FDB24104EB1B65EC588AE9350E45EB3B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1508320
                                                                                                                                                                                                                      Entropy (8bit):6.5008958859073855
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:CB72BEF6CE55AA7C9E3A09BD105DCA33
                                                                                                                                                                                                                      SHA1:D48336E1C8215CCF71A758F2FF7E5913342EA229
                                                                                                                                                                                                                      SHA-256:47FFDBD85438891B7963408EA26151BA26AE1B303BBDAB3A55F0F11056085893
                                                                                                                                                                                                                      SHA-512:C89EEBCF43196F8660EEE19CA41CC60C2A00D93F4B3BF118FE7A0DECCB3F831CAC0DB04B2F0C5590FA8D388EB1877A3706BA0D58C7A4E38507C6E64CFD6A50A0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2876416
                                                                                                                                                                                                                      Entropy (8bit):6.709900740965214
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:6223533C300AB4552C933D0317E6AC5D
                                                                                                                                                                                                                      SHA1:E3A47CC14E09BAFA601B48049D4B69A2A7EB0557
                                                                                                                                                                                                                      SHA-256:94336FA0E27041E16A30CC44DF45C79A679B07892F5A06B00FF0E69B2B75C7DC
                                                                                                                                                                                                                      SHA-512:921411DC827FBE29C18B5BAEF2B2F1987805F70A68960F8A4CFA0D4E5D2E0E6CD91282D0961452C9035A731633A0AA2380B7D3FF5CD4F0C46A35E93825AF51F1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):10717392
                                                                                                                                                                                                                      Entropy (8bit):6.282534560973548
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E0F1AD85C0933ECCE2E003A2C59AE726
                                                                                                                                                                                                                      SHA1:A8539FC5A233558EDFA264A34F7AF6187C3F0D4F
                                                                                                                                                                                                                      SHA-256:F5170AA2B388D23BEBF98784DD488A9BCB741470384A6A9A8D7A2638D768DEFB
                                                                                                                                                                                                                      SHA-512:714ED5AE44DFA4812081B8DE42401197C235A4FA05206597F4C7B4170DD37E8360CC75D176399B735C9AEC200F5B7D5C81C07B9AB58CBCA8DC08861C6814FB28
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):478208
                                                                                                                                                                                                                      Entropy (8bit):6.347615495434683
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:6B974DA2331647B01E32E438481B1168
                                                                                                                                                                                                                      SHA1:44342DE39334B6BDACE4E41574A12D12B1FCEEFB
                                                                                                                                                                                                                      SHA-256:0BF8B76DA4EE066028F6DD29D6187D66029DD42256C9FFFCA376C397F1FE6224
                                                                                                                                                                                                                      SHA-512:76FF196F0E410B2496D98E803DE26A33456224A645A9E8B306428CBBE7775379FBFA2D6141D7D9F7A3B92E81B279C442B6AAF91890A2A92A38219CB8B6384870
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):7628288
                                                                                                                                                                                                                      Entropy (8bit):6.4818122553892525
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:F60247C298B280124A8D7705153B82C9
                                                                                                                                                                                                                      SHA1:4887CD33F66B8237CC427F5C5286AB5E8CDA6583
                                                                                                                                                                                                                      SHA-256:3E1084D0904D02D80FFD1039D0F6F9AF83771950A48D082AF438A4F018817838
                                                                                                                                                                                                                      SHA-512:0B40B6D06E01C46381169DFBB9154CCFFD9A9FB3F14D6C3EF9CCD2CAD9F1993AE8667630044BB57D3D837E405933233FBA8C2A6F8714C1FCB11FA14668DC04EC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):466401
                                                                                                                                                                                                                      Entropy (8bit):5.410326210149822
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:64FB5AA291CB4C48C9D041F824F87B8C
                                                                                                                                                                                                                      SHA1:7B77CC5C207A0B09B8FF6ACA389A8973F5E58A46
                                                                                                                                                                                                                      SHA-256:9E601935D675CF1DD17A052FDFC149825C5735B674C6B926432D5DB6F37E6F32
                                                                                                                                                                                                                      SHA-512:30BBF36D2048E547CFE21DFFC9317CA43E109BCF33A1D35161EFAA7030884C8598DF445C90660D47C83452E64566A6FDE8FD4B14C253A72C0155FF3EE3746000
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):758214
                                                                                                                                                                                                                      Entropy (8bit):4.884312015337586
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:F1359ECCB01E1F19F1629434C2D66FF3
                                                                                                                                                                                                                      SHA1:96503F4B7DD4B734F546BFD74BBE5F2637FC4ABD
                                                                                                                                                                                                                      SHA-256:ECCD96C07AB77B5E9D2AD769F2F57E9F52AD69A6C6FDEC38D73FF7CB76854E71
                                                                                                                                                                                                                      SHA-512:9D8699508F5DC2D76E649C4BD4F35F51954EC7F19DF0CD696F93527F7D1FCACC1C837B752128E632B7893A168F534CA066642C68AA6916805BED385B3BCD803E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):829342
                                                                                                                                                                                                                      Entropy (8bit):4.89844194314202
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:C3111CE17B2C878265B9BD56B590E212
                                                                                                                                                                                                                      SHA1:F5C7B8C06C9E746C2AE8C1B48FDEF965D2F4B574
                                                                                                                                                                                                                      SHA-256:7FDBB3419CE0A1C8CA9CD189D8D41504DFFE6CA5A0468C137C245C65F12791CE
                                                                                                                                                                                                                      SHA-512:57261566B45DC37CFB76809584B3A5F22B4A84772A3DCD08D26314F1BB3932EFC6D0D33FDAAF5BD2B4C8B93AB8DE3D0344A0FCEAA36ADAD6C59B0BCFB847E504
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):863130
                                                                                                                                                                                                                      Entropy (8bit):4.656204163251702
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:5FF835B0409286AD9A0EE6BCD8F8DB34
                                                                                                                                                                                                                      SHA1:859EBAA36143E5DE6E4BA5E89882FE013BD94352
                                                                                                                                                                                                                      SHA-256:862F8693174997662CA58D85E6115F02F03EE1EEE7A8305206899A6F3352E885
                                                                                                                                                                                                                      SHA-512:84862CAB596650B09AC5CD0F0418D1AD9125CD3A84413E6B888F011270F4D8911D269CFC2D21E894330C339501D235AC3A72E85D6B5A9408A054E110C8C302D7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1114114
                                                                                                                                                                                                                      Entropy (8bit):4.2739336010383
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:F2C82B17F4E5C4231BB339838B566294
                                                                                                                                                                                                                      SHA1:42412C5C1976E49A1319B8B15A3DC023D5ED7225
                                                                                                                                                                                                                      SHA-256:BFFBA69E50FB7E260700A4C9332CB9DC253DCBBCE80A48C505C1A3A606338F28
                                                                                                                                                                                                                      SHA-512:FC2587BCD76B38F6BB26A1069E2B50F2E079C1F4FDB477513F4E95F61AD1B4F8BBAF0A6CA986B4AE163BDBB46A82F05225C8BF17665A3891B78D9459916F4557
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):525355
                                                                                                                                                                                                                      Entropy (8bit):5.410102897400805
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:A47B714BFEBCBFFC9AD229C31528F422
                                                                                                                                                                                                                      SHA1:6FCAA273CD3B84E1C34458A1E6187BF9FE4107C3
                                                                                                                                                                                                                      SHA-256:3A35437A487D709BC5B629EF4C2A7EB131051422B69B5DD7B6164E05914D74AF
                                                                                                                                                                                                                      SHA-512:1B96FDCD55E698A1D1358A3A9640A078A7AB46AEC85D18D38C8706B86F8AC337B3663526E3FD2A13F43B6E52E1084DEBFA6C6A36FD5DAEBD2886ADC6875AC334
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):540874
                                                                                                                                                                                                                      Entropy (8bit):5.8473369091132
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:D971B54CFEBA1E7EA43377543A51DA69
                                                                                                                                                                                                                      SHA1:845A2BC2B9BECAB96E5BB505190110D7E99CA673
                                                                                                                                                                                                                      SHA-256:96F864FDB89AB20B709F986F05AB48F0C76D6C53E14F0CCB794DC877C6E4D01C
                                                                                                                                                                                                                      SHA-512:9F3FE6C1172E1C5068C36732590EE9DA5536821F3C942E1821E5345209EA11083D17F140C51169B1EBC8C10CC23DF31EF8F1A7C43B8B443A0FA0EB3A64B02175
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):489104
                                                                                                                                                                                                                      Entropy (8bit):5.449350926313114
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:A8D0F3BF65BF7DF6CAB590ECD774DBE1
                                                                                                                                                                                                                      SHA1:D501FDE96A0E0553D2CFBC4D6A7E6E388BE074F3
                                                                                                                                                                                                                      SHA-256:1B05D5948C9DC4CE160C5006D5DE399BF8B53BF1A077B2ED6C15E24AE2B1B625
                                                                                                                                                                                                                      SHA-512:3E9CE6CB5760CED785382F61FEA2C70F4A357D86E5695E96DDC28898DED404D2625A4F2250F7B8BB2944CA26258F2F2B11719A52B43749E0B37AD2435AB7A06E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):522864
                                                                                                                                                                                                                      Entropy (8bit):5.509466969630406
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:1EB575FC56B44C50D0E9F77D9E4C175A
                                                                                                                                                                                                                      SHA1:DA1306F42271324C75013A607C44455AECA1382F
                                                                                                                                                                                                                      SHA-256:95DBB8E1E637CE37271220B55ACF53B42E4894FED6AECD446AC9954C3DFBDBDA
                                                                                                                                                                                                                      SHA-512:C27A47E67B5E4D7D37CC7474619F28EA5737C8A7C4944620A9CDCCE7C1B35E9609EF9993415EA600AD5571614C6D76B7C519F79363F8FCD9AC28A561D5C03255
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):946276
                                                                                                                                                                                                                      Entropy (8bit):4.741751519140143
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:5A8EACC55425412FE190433423B8D5AC
                                                                                                                                                                                                                      SHA1:9E232B1A12EE6D28A2BD4D3C11A46DEE509DA4A4
                                                                                                                                                                                                                      SHA-256:FF22DBB5CF6E1467E66A2D2D3C0168AB4CED57EBEAB074D167EA1FBCA3796876
                                                                                                                                                                                                                      SHA-512:48EFD0B640D4E174E87492273ECC1BFB252AFCEBC17CEB4D12558DD171D0D2ED8ED9761BE208AA6ADC3F2C3918A00E8BEC429C29108127DEA3AD2FCABD82BB4C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):426075
                                                                                                                                                                                                                      Entropy (8bit):5.520645088608974
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:5C5F2B6AEBAA418B13FD1500DE8E4578
                                                                                                                                                                                                                      SHA1:B3DB67FFDD67157C467C02ADB24F91F76EC7819D
                                                                                                                                                                                                                      SHA-256:026D26E66651B31A331ECB10FB2022A5A442CC3A4B726C5BF4CBEF9128D1F9BA
                                                                                                                                                                                                                      SHA-512:D7980444F0D275E7D9D88DFA6CA87545BFE0F4ED1136AE73F49B6F16C300A8E67949B319A1A46B9AEB3266251D797639F5DE4FD4DB54C3D50F11A54F339FC562
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):429364
                                                                                                                                                                                                                      Entropy (8bit):5.51194995966022
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E5AA0C6C71E9CB44C190333C8FD42441
                                                                                                                                                                                                                      SHA1:9114E10C63FAAA7D6D82D7373F0392F9181BF977
                                                                                                                                                                                                                      SHA-256:9276EDD0593B43F98A436F5ED12AAEB87AAED5D1F4B90103BE47F53A335C6290
                                                                                                                                                                                                                      SHA-512:F19821F39ABBEA9FA3EDD791CE7D2539C7D8961FA80685CFFEC8B32A5681BE44989D03CE1AEA5F7957583B6EF658DCBF93179F3257292DFEB84D22011F426654
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):517676
                                                                                                                                                                                                                      Entropy (8bit):5.383521935260842
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:4B6D1B4BA163DE45ED4F78E14366B793
                                                                                                                                                                                                                      SHA1:CF109E4C6FC9EE8E49D2E8E2BB338614215EF704
                                                                                                                                                                                                                      SHA-256:3E4296C31B937E982BDCE2C3B3272476EC4781D0F55FB0D2D19AF5A31743ACDC
                                                                                                                                                                                                                      SHA-512:8773C4AF2D3EE19AB5CD07082F71119A9A4235C99E16F015106F2B170C6FFACA16E1D75C5AFDF112D63B19DD7B67A9086CA1AC9A16D22022FF78A4B9B6C70FDD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):517433
                                                                                                                                                                                                                      Entropy (8bit):5.35951861036658
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:50B24602E3951E344A39D0657FFF7DCF
                                                                                                                                                                                                                      SHA1:C0005A557704093AAFE857BF8B0206A886E9926C
                                                                                                                                                                                                                      SHA-256:F46B966CE013B8119B6AD6F7D80E985A797B99A0C9BDD99A0F608E1B2BB45D3D
                                                                                                                                                                                                                      SHA-512:692114BBD1B87D8512182F890E0ECB61C9F8E82BFDECB8FDE4829CDD092D163CE452712724AFF4ACA78509958588C8BD3DBAE338CDA26E0A2E1071A068783FAC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):469391
                                                                                                                                                                                                                      Entropy (8bit):5.458773975575223
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:3C5A65DEEE029F6A01D66754BB28FDAA
                                                                                                                                                                                                                      SHA1:3795EEE0E25519CEB05914E5E5A669683C46CFF4
                                                                                                                                                                                                                      SHA-256:FC4A20EB39F8B88F9F865312680F6DE86A98E0AF569D29E8B5EDCCF1AD264ED7
                                                                                                                                                                                                                      SHA-512:5BE2E0DDFED17B8B0AB13B9AE110FB4D18AD70F8FEF36A4C9780775F95EF52504493BFAD35121F7FA4E00D90B3B87A665D9D350B1258A495A263EAF00EED9B31
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):770203
                                                                                                                                                                                                                      Entropy (8bit):5.02054736628404
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:160967689AC20006AD11C1B80078FA0C
                                                                                                                                                                                                                      SHA1:92AE8FBAA7AE795C0210F3F7523D83441ADF0B63
                                                                                                                                                                                                                      SHA-256:277C77B5CEA438173B7F77173AF8A7F91F40997F9F5795385DF63456E1C43839
                                                                                                                                                                                                                      SHA-512:2861E0F23BF3C9E7A33345D1C24409819582181EB7377DE5F4A8096F1FBA4655E83B57CDDF51DE6DD26BBA1DE7E885EF7B0CF7DA41843EFAE187FBC18CF5D866
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):479759
                                                                                                                                                                                                                      Entropy (8bit):5.4233781889660095
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:EB14A220409772C69D9ECF1F8BCA4EA2
                                                                                                                                                                                                                      SHA1:15EC989CF14C3254625EB108EFA5BE30F384DAF3
                                                                                                                                                                                                                      SHA-256:6F602DFF371D7F3A48E37A1A4B0F42E54587C987E5E86E240C2302D751E4EF04
                                                                                                                                                                                                                      SHA-512:EC3B6CB3B1562AB1C27AFEAA4C670F2C7073A49E98E4C0D6F5B6FABE3BA6D44A4F10AD6F726A03885927534983CD9F1B74AD5B204B271C6CE7C941C32BE74441
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):542224
                                                                                                                                                                                                                      Entropy (8bit):5.19462709663241
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:6CBAB97CC8EAE527A372DFB61F30756F
                                                                                                                                                                                                                      SHA1:DB048884389EBAF98920A148FD86686890649502
                                                                                                                                                                                                                      SHA-256:F1764423A42662F18ABEA81741CA8ED46BBDACAE89B67E200FAA5735AAA0BECC
                                                                                                                                                                                                                      SHA-512:0B65D4AE17F92667717ADABE88CE207B39E624D9EE65B8CFAC15408C2D1E9066194642D2FAA81043CCB3D81ABF60A670A90817AE4062F681959D66D558E5955C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):560587
                                                                                                                                                                                                                      Entropy (8bit):5.384117218365487
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:16A90C27DACBAF35297913D4E37B54AE
                                                                                                                                                                                                                      SHA1:5ABDA6B854420AB74B8A67F3FEE433A8EAC7ACAC
                                                                                                                                                                                                                      SHA-256:0BB5C919F3D2C468630635A92EA9D116B142569A9ECFA714CB9BB642331C373B
                                                                                                                                                                                                                      SHA-512:1D52FF4427D6D83756EF40FAE521C850DC10DFEC8BE5E74475233780F551851583F5A8733500BFA4FD78D490F682BBF2FE5A3F912C64546B41C92066AFAF8EB8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1093662
                                                                                                                                                                                                                      Entropy (8bit):4.314715426394661
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:1C395C52CBE8C7693CEA0DBF799C29D6
                                                                                                                                                                                                                      SHA1:ED8858ADAC7D75D217969F123F596775EF6DB8B1
                                                                                                                                                                                                                      SHA-256:EA3EC200A66358AA6F7BF269C1D208B5F6FA7901A54567033EAF36F3EBABCD75
                                                                                                                                                                                                                      SHA-512:53DE04BF1CB56A6076F43F0EC24E4FA90D74E7D6D21A275B0818363082DC70AB2D5A9BECD48A4D8C039D6A82A274E18264595104FBC14EE5181285B981478B00
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):673942
                                                                                                                                                                                                                      Entropy (8bit):4.634538125329964
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:9D8FA293198185E31ECD797F0AEFC72A
                                                                                                                                                                                                                      SHA1:F2F681A154A1FE809CE2796045ED5A26C91FF5ED
                                                                                                                                                                                                                      SHA-256:741ECFA065540CA34C2FFFE4315E48627A4F13B4A22AF27178131723B7B5747C
                                                                                                                                                                                                                      SHA-512:11FFCE433DC5D910DC825AEAEA053483E13C361A251CFC64E158FF5501CEDAB5C554F76208B3DFB809EF6B4C9A17F7B5A106D7F1434828C4D5F870B0B260D58B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1144854
                                                                                                                                                                                                                      Entropy (8bit):4.297985532061122
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:704D910C6543784347C25120FFEE1B31
                                                                                                                                                                                                                      SHA1:D0D597551E8AC203ABF52533B4CEB3EC7DF6343C
                                                                                                                                                                                                                      SHA-256:E1C050657D50D5B515958475DD574C521ED6B77C9664D53C2E9B3F5A44DB66B9
                                                                                                                                                                                                                      SHA-512:77B7AC1AC54315631DEB4CB561FF2FB933882BDB291E1A830AC11B83D5190C2794432DE7E3244F8BAD76E48E29421DFD7F55F12CA348A434B9DD2A9158947895
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):522373
                                                                                                                                                                                                                      Entropy (8bit):5.5178071488164155
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:DFB7CF0594879F0BC3282E98EAAB54FD
                                                                                                                                                                                                                      SHA1:91A568038428A59B5561CE97DFC4D88F551F0118
                                                                                                                                                                                                                      SHA-256:4C08FB60E36D204A5B247746C763956545C4E120C443AC4D232CA708B8EE7DE2
                                                                                                                                                                                                                      SHA-512:62D0A25A1DB03564AC3D9CED053F73CD6F3ABA2AA029AF344DD8D457BD3739C07955713C2D7F5BC7FAA805DED9D1580585722328FFE546523D7F6933073F98B6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):562442
                                                                                                                                                                                                                      Entropy (8bit):5.642589382314346
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:420591BAF2E28C5BC5B010CD21B874C9
                                                                                                                                                                                                                      SHA1:48EAF27B110AD42360E8DFEF1F0CB39CDAF4C8EF
                                                                                                                                                                                                                      SHA-256:F7237BDD8785AA7478C2FB364172018231D67698B2BBD444ADD8346060E57CF9
                                                                                                                                                                                                                      SHA-512:3D0B9662A9D087F9AB8B3FC6AC27FC41D83139BDA264663BD8228C6745D1CA8D8A4DE38628B6D70E5C90917D9C09226A58F88B0BD29C0B5D6C73354447BC02A9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):463284
                                                                                                                                                                                                                      Entropy (8bit):5.380814037137659
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:D71A2C619AC8A1D059EB45DB685745E2
                                                                                                                                                                                                                      SHA1:BC121089DD38C1194065014F8BF0493EA4481C15
                                                                                                                                                                                                                      SHA-256:A9839829935FBD9EFD214B5EF503006E9BF8A07E39AEF909F6ADD97E7BF7C410
                                                                                                                                                                                                                      SHA-512:75AA5941A5D1467C569E371E73E77AB6B1C18F29E32A2BE845223DE59A9642E55747B8503CCBD6951832AFDF2863DFD5128F86BE649093EBA34DF37D019E65CB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):510870
                                                                                                                                                                                                                      Entropy (8bit):5.2925929498896975
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:F37C531FE9C157DD9FD2FBE2490900D7
                                                                                                                                                                                                                      SHA1:F71D89162FFD90B8BEB9DA57681E2EC0B1E144EC
                                                                                                                                                                                                                      SHA-256:556233DEB27128298F652D8E1C7571FFAB72EB6E19284D3CE3974872417F1EEA
                                                                                                                                                                                                                      SHA-512:AF06A952E27962951714E67ECE209812D2FC8602621263D651FC5A69A859C6981CA72998B12B48E123E5CBD12B9366548923F24DCD7DEA8AE36EE561D1B0EBD3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):622962
                                                                                                                                                                                                                      Entropy (8bit):5.6977843395057075
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:234370A14C324BB5A1609C070DF487C7
                                                                                                                                                                                                                      SHA1:F21372B225CC4B3678602DB9229752998A25C636
                                                                                                                                                                                                                      SHA-256:C44995B0D0157AE30A1F4A04934A2CA13F7519A073994AFEAC40737D5457B70F
                                                                                                                                                                                                                      SHA-512:9705FB32D35111FE34E6BEC69E60CD4C20DBFB1F5FFE9CF68051E6392D6A0F01C3A0E893722E7DEBCCE00417BAC66820208578C67DE382EDDC9BE16F45137229
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1252837
                                                                                                                                                                                                                      Entropy (8bit):4.224937819725348
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:1CE840130606E9F9B911A2DF0CF6B9F5
                                                                                                                                                                                                                      SHA1:CC00E930D1DF3A678F11E158632089B50A86FD52
                                                                                                                                                                                                                      SHA-256:CA43C63D9F20C9F36C7576F76162FB500FDD89AE8FF3C30A30413E2585B2F04F
                                                                                                                                                                                                                      SHA-512:0800F015D0942899814B8B80784EB30ADEE2D0431F30FE61A1DA2A20496F3E1D5C4A16493126C2388F32DBECFDCB3F09670C6878DD12E63E6D9D4124A68BD98B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):527354
                                                                                                                                                                                                                      Entropy (8bit):6.061901143177582
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:F3E3D2F92C2F001AA5CED06ABF7722A3
                                                                                                                                                                                                                      SHA1:89324608E6269D7D22C96CB8CDB52C0F32BD2ADB
                                                                                                                                                                                                                      SHA-256:9DB0DBB2CBBAEC15076A69B4F6FCB6236198175E9A687B6FEBC685CF071DBDC1
                                                                                                                                                                                                                      SHA-512:86322C1810414C10FC98C70D8EB441AF5E90E76FA6C593A79D8E7DDF440DBA7438D801EF05A3F75B2B4B23FFD3E7C4AF8BAA925645970D684466CF86DAEA43C6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):566503
                                                                                                                                                                                                                      Entropy (8bit):5.631780762978957
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:1326B58298586AA382E0073B80E8F446
                                                                                                                                                                                                                      SHA1:B299DEB1AF39DFEBDA86B8400B0B6A2EA734BEEF
                                                                                                                                                                                                                      SHA-256:58C9495A5770BF93DEEF4675BDF49B3F7D0387640B74F74DC12948B372DF1485
                                                                                                                                                                                                                      SHA-512:5EFFA9704F5FAB2C6646D8C45CC0368EA50C25357E4779AD0475FBD6DA57F954759F21D4AC88B400A32AAE5B7BAC5F6C40DB5A3EF64462C5BE203654101B922C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):564832
                                                                                                                                                                                                                      Entropy (8bit):5.629384536813544
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:5E35E54760D2E45D534AA6AAF20FDBC4
                                                                                                                                                                                                                      SHA1:AD12C4E34D4D2EE5E381D5498735A2F30E6C537C
                                                                                                                                                                                                                      SHA-256:A8257F11B91E81A329CE3E9E72128F0A012DEEA085E02FA07030C8E6283BD437
                                                                                                                                                                                                                      SHA-512:4B28F4F91330E7ADD296D6B0F63E835ED1F1644523B455A718E8CE3101CA4405CCAA102A130C07573B8CC007F03FA38F73CF8BBC25EC1344EE064B681EA78FD8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1303783
                                                                                                                                                                                                                      Entropy (8bit):4.259258799432565
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:1AD0400A471428FE4C19985483B49CF0
                                                                                                                                                                                                                      SHA1:FBA5AA51A78ADD72885F88F69E9C1048DE7C6CE5
                                                                                                                                                                                                                      SHA-256:103678E2474E84E10C8A77DDADBB6559B4AEA54C9ABBC3777C4970E99A6B248B
                                                                                                                                                                                                                      SHA-512:F123E81C21D60D6A8F0602BB49EE516FB19C4903BBD1F656E8F430CCC1857AA572F5127B0B403D18A0E66F5599A56AEB76C1D58B85027E0658CB77E8AFAE91A3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1071400
                                                                                                                                                                                                                      Entropy (8bit):4.289671062112699
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:B6E8DF7BF6E012274E103EF010B257B5
                                                                                                                                                                                                                      SHA1:25F2986210FAFB7987EDD35490565C9DD5AABE99
                                                                                                                                                                                                                      SHA-256:2B1B62B876AB7E36DDCDF0D25185F720A479EB778874FECBD87BA9CDC1E8FE90
                                                                                                                                                                                                                      SHA-512:12E03964EE9807C71801A5786128F63F33D1F5C1BE7901DB8F68A8465423D6877D2B17A02ADA7D220D0ACA26D3C646C605AFC30B789266316F46742BA52646F0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):485734
                                                                                                                                                                                                                      Entropy (8bit):5.249037126713901
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:43605568EE2C8CFCB759689BA60FC28A
                                                                                                                                                                                                                      SHA1:B7EFD59598ED7F2C16FA1E0621AA77FA0C055CA9
                                                                                                                                                                                                                      SHA-256:7DE3C0021D72664D577296CB1B450EB4C0935FD7F95B3BB89AACE4C3399BD1A6
                                                                                                                                                                                                                      SHA-512:8AEB9750AD95EA863666CD312C9F7DD649F9F8A0536F1B95FD38A27A3E14D860DED10DBEDCE213050906C124814365CCA6857807B4D0C2CAC91B12ED7E465D33
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):472861
                                                                                                                                                                                                                      Entropy (8bit):5.422132914928992
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:81BBDD86CC265C66AF7F5785E3B3ABB2
                                                                                                                                                                                                                      SHA1:DC2F475A77F45D1ED22E1D3C62E0EC254A2E43F2
                                                                                                                                                                                                                      SHA-256:ACA3663AB538F885D1CFB50A0519CB877C2795113C60BB174B781AAFBB37D5E7
                                                                                                                                                                                                                      SHA-512:551E7C30D4742F307E2FEEDB206DCD6BD709ACC4229C646C46DF80E46628BE835CC423D90CEED33C16FB2D9BB5282F6446EDD38FD0B5A71041DCA7281F39F458
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):486574
                                                                                                                                                                                                                      Entropy (8bit):5.367625607759673
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:FDD9214E7E7E003745850E90D6769981
                                                                                                                                                                                                                      SHA1:F3F5ECC21F1246B4950206DA349DD14D2F379060
                                                                                                                                                                                                                      SHA-256:6153F823E41D4FF157F66A8F951955C7AF618C05D347879D688E26E7547FDEE3
                                                                                                                                                                                                                      SHA-512:F74FD6D6306C97A2B10424F177DF0A5C82AED74DA1D38AB8F6F1D4FA35382D8BDD6E4542AEDF026E9FD6013876407B1B8D6E1BD5D1B92D8E41D1BBE31A9B0483
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):544675
                                                                                                                                                                                                                      Entropy (8bit):5.762969917801703
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:632F29DD0CA81C5521DB39C7AB387C68
                                                                                                                                                                                                                      SHA1:C7E5E050538DA5B13E40EF9485295E6F46EA75E8
                                                                                                                                                                                                                      SHA-256:1C069CDC64009D8CCB599852F313873A391C8AFA0B980C5B49FCB88579203483
                                                                                                                                                                                                                      SHA-512:19CCDCC24A76929687B291AB4C84D18DB3128A94B51998D2120F8C28F20A9CE79FDA3258E1535DFD05F7D2FC95814F38EDD50F1238A4A9916AC738AA95FC4D39
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):512253
                                                                                                                                                                                                                      Entropy (8bit):5.428330309782951
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:D0501E36DFE12C33987D9EB2C098E915
                                                                                                                                                                                                                      SHA1:FDAA94DA2C93872FDD89BE5712488BE994B5D098
                                                                                                                                                                                                                      SHA-256:499767591B7D9C58BAFCAFA9B46656348B2617E6EE01AD8B88D98FC225CF5EC3
                                                                                                                                                                                                                      SHA-512:E7A5ECB7F321871F3773BE8C5D0137B4B1D7093A39DEFD8159294C93829F465A6569270756721B4AABE8F5210C3B4DC901D80FAA5F7BE4E32E2A9073F7E1E4DE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):513655
                                                                                                                                                                                                                      Entropy (8bit):5.4055133054538755
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:A4EEFC130C14CA510DB54D1EEF0DEE0D
                                                                                                                                                                                                                      SHA1:8F8B9013CE3377D9734EBB2F91D02BA0E990013A
                                                                                                                                                                                                                      SHA-256:8CA2AE8E4C30A46DACD4DAA4D7EAE85CED7A9AD7F06595CC53057486777F448F
                                                                                                                                                                                                                      SHA-512:8EEEE12F629FC2CC17969DE55C55DA379D766FFBC9AF448564E6D84278CC2D6D657E5C51BA3968197FE89C6A79DB54B701C809F4F8F2C0D206F7F62F458F8B11
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):532676
                                                                                                                                                                                                                      Entropy (8bit):5.4567665513725006
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:D50B85A8AC999AABAE4B1B6CC17D74C3
                                                                                                                                                                                                                      SHA1:BE68A7F32BDBBDF000D1A24B2773F65A7EEE248B
                                                                                                                                                                                                                      SHA-256:1E2D17CF43D74B01FBF018C29B121A6A6C3E39E251B2C6892EF64192C9B2E293
                                                                                                                                                                                                                      SHA-512:71ACD5F8D82989CB5F4EEA7D06E03B65BE50E124F6D09AC13AFEDAF70E78BB9949E50E2A229FD99C245F7BEA745D0F50AFE39AFFE89BDD9A9996AD5B51F39DC5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):872192
                                                                                                                                                                                                                      Entropy (8bit):4.828791027749602
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:AA90E5F8F80EF5D1C4D723800D1E7CCA
                                                                                                                                                                                                                      SHA1:8D2D0A914EECDCCDBFF50164849B55199350A007
                                                                                                                                                                                                                      SHA-256:27F2CF880EA7F21467D9796D835E979DACAD678C307C97E7F95CB0A4484E6D49
                                                                                                                                                                                                                      SHA-512:38812CAF426C212FAF8E337F5D68179F7B4E8EC1D85137E53156F6FB88AF888D8405CC3373F70B835661BFF06456F5C1611C16EAF51B1F0783A7EF6CF29E818C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):549690
                                                                                                                                                                                                                      Entropy (8bit):5.815977918082208
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:61214CDBA9615EFD99D2FFB40C32EDE5
                                                                                                                                                                                                                      SHA1:37BE7B775B3A69CC17E5D62FF2DC8C97C0F0A856
                                                                                                                                                                                                                      SHA-256:ED41BDE2844987F331D411C395B9ABB1581649C1859A2E2966A396528DE22D83
                                                                                                                                                                                                                      SHA-512:6915E25C7DB5E380AE135E668C951B0EE0EC615537959269C4890C9625D0C3740E9687296F1BAACB84D5B15B71198FE4A8CDCDB67109E3BC03F42DBB432E2CAA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):528009
                                                                                                                                                                                                                      Entropy (8bit):5.4869908228721656
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:3F3D2C34DCE213CEE8AE4BDDDD371833
                                                                                                                                                                                                                      SHA1:2ACFB5A6FB973797557ED1A3D805F09C3DE7CCF9
                                                                                                                                                                                                                      SHA-256:86EFDB2664DC2E81D4592E1EB704417B10C5AAF024A9A9B67F232905BEAB71AA
                                                                                                                                                                                                                      SHA-512:590F915E97BACBAB751B62803A9FC4B76538F7921904BE92B739F2A0C65A9E93EE251B90595D266EB63192D109755C15F32640D4A2DA408BDB806D188AA450B4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):813242
                                                                                                                                                                                                                      Entropy (8bit):4.758280876924063
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:05AD63AE6D15872B08AF36907D586EB2
                                                                                                                                                                                                                      SHA1:210D346D5DA415302D4078CB699724734C4908EB
                                                                                                                                                                                                                      SHA-256:41C0932BC02A11EB1CCF57A35DD5558D73FFBCC03A3EEA81B232CD8FAE02B088
                                                                                                                                                                                                                      SHA-512:2BAFBDE3B7CB3538150E24FEF5F23A142D4E12BD48ECF5FFE42B206228A49490184E5F445ED997703A08D7081AFDF0237EB4110502A85600E244F8FECDED5B49
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):474709
                                                                                                                                                                                                                      Entropy (8bit):5.542914789734541
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:5AA877385055970F5288E6CE8A36B832
                                                                                                                                                                                                                      SHA1:D29B20C0185DECA614EAFB850442D8634396842C
                                                                                                                                                                                                                      SHA-256:9335FEF50F8D3CD3E9A5B91035604489791CA4EDB360C74904AFD4B633176AF9
                                                                                                                                                                                                                      SHA-512:D4AB22E818466962D668FADD2B765FF8D293829F8E89C23DEB5C6D4FD73C2ECA026B61C1EEB983BF64E5633DE59E58A5EFFF60965B437018AFBA6C033C95A0CA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):499965
                                                                                                                                                                                                                      Entropy (8bit):5.341522998917434
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:F86F632B6792648370CEBA1CD64B5FAB
                                                                                                                                                                                                                      SHA1:670A040211C7CCFBF41C1727EC0FDECDB5103F4D
                                                                                                                                                                                                                      SHA-256:A6C65F289F1D2B07131E4831B9B2E3BDD6852F14EFF6072B1177DC4729EFD6A6
                                                                                                                                                                                                                      SHA-512:F707F7EEC312AA0E25F32794A1FEF697BCC91D017503EFC99AF30B0C3F62278278B5A1C24CE6E8843E3DFF74BB7FF134901E532CA797F8876D0EA413E378C2DB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1291590
                                                                                                                                                                                                                      Entropy (8bit):4.0384406219936135
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:C40746A823E8898BF12837EE18DD928F
                                                                                                                                                                                                                      SHA1:2ABE8E39221B2C0E5E2029FA074E66C42BCA6A0D
                                                                                                                                                                                                                      SHA-256:4CDA9C2DFDC9D6A9ECAB3862AC3D54E2236C2EF1C6B3267224EC5AB3C023588C
                                                                                                                                                                                                                      SHA-512:DAF2323C8CDECDCECFC59378DA32B5581AACF59B20600D15C71A965D28D51EA687B8DE84B6910378FC8B70FA567DF737848E49E27D413CC0F26E8873C104D90C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1194507
                                                                                                                                                                                                                      Entropy (8bit):4.29113513748681
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:D81A2BA2AC41B03B745C9E92CA10A1D2
                                                                                                                                                                                                                      SHA1:8A25ADEFC1879CD49CCF794291A1A8048B8EE8D0
                                                                                                                                                                                                                      SHA-256:B1D4208C5B2A2B6C754E5BD9EDB6A1692F738C77055544759E91D37971242247
                                                                                                                                                                                                                      SHA-512:CE0A72BF75FCA0DED1C48ACAB282BEFE7D8F239715D9FB015F699486F8CB40489B20FDF09741DB6D432B3DE29DC1BD50D1174F31DE74CE243DCE861E31830621
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1005091
                                                                                                                                                                                                                      Entropy (8bit):4.332850629438999
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:0FA8CEF6A7546CC2F87521BCFCA03888
                                                                                                                                                                                                                      SHA1:D8F89876F775EF87D98B4B6AFA5B6744744DDF8A
                                                                                                                                                                                                                      SHA-256:550778E1C1FD1F10228280198C4F8E58448D211BBF55306476521D1AE2079A7E
                                                                                                                                                                                                                      SHA-512:B1FC9C4C7252C16DE7AC0597240E2BC47C95CCD0C970FB52C0150F669D4B370790655C6E8C1F5D5D45C8B9C01B1D71B2D57EC5E89A3666635ED0FDF45AB0AEB6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):510584
                                                                                                                                                                                                                      Entropy (8bit):5.613516940837071
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:4B97981F7DBEF977A55FC3D3C18A6636
                                                                                                                                                                                                                      SHA1:A4BE048D053F6AF4F17151EC3993BD218B32B973
                                                                                                                                                                                                                      SHA-256:47A5AF272D4512C6449F8C970444A35E8233D1BB881F56E287CF30F7C3B97A42
                                                                                                                                                                                                                      SHA-512:D2BCCB3B64569205F70CB58A813798D76AF7A8AD3F8EF63A260DE93E278B7CABEAE739CF214F8A4BD18877DB13149397C498CB8A8A973D634A2E477B80679CF3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):872242
                                                                                                                                                                                                                      Entropy (8bit):4.86201616050437
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E6C8170931FE28A984B01060EAD7B7C0
                                                                                                                                                                                                                      SHA1:7FC97F7CF9247C3297ED465D109150CBB7082FA4
                                                                                                                                                                                                                      SHA-256:6F5925D406AA8875FBCE6C66F59D79D1DACDC212C697DB3F8754C6F31B814198
                                                                                                                                                                                                                      SHA-512:2A23693034325BA54A0FC3903D0F270F0D239A7CD41A839D65765E380395292B8CCB1066B038915EC17274C2A202DB13BC43A55F2E91103349F38527BCA0594A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):763414
                                                                                                                                                                                                                      Entropy (8bit):5.133905236966471
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:1771280387506AA6F104B1DF9BE538A8
                                                                                                                                                                                                                      SHA1:7DF86F372D6EB9127B93364E840B68E11D8E6627
                                                                                                                                                                                                                      SHA-256:26310F300B2A097EB98F1718F8D1196DB294D9361E53C6A05070FAE61CA73C83
                                                                                                                                                                                                                      SHA-512:10E710F52F41BE2A943AFD787E6867A1F6878C74D0BEC5512B7AB02450EF3D31CBF2E5C7A9502178BBC9C80B59B5A5E03BCD6B36912ED6E755BFED4A845D3EB7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):604151
                                                                                                                                                                                                                      Entropy (8bit):5.792840024784761
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:4B385677EAC987418833B06140EB8837
                                                                                                                                                                                                                      SHA1:A0DD38F682F0766E7CC076B0BD7516A6880B56C1
                                                                                                                                                                                                                      SHA-256:B6BA5E4315571B6793BBEF526CD2A97C4210B6D9E78BCC0C347CDA0E80FBCC63
                                                                                                                                                                                                                      SHA-512:0B9A61C554D8386A25846BC66F5AEE9497A687493C6F330C77661E6B409533CB6BA7A02C2D6E003075883D0B17577A05CC4EDEE897BAD02027C62E10EECDB8D5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):436973
                                                                                                                                                                                                                      Entropy (8bit):6.662672185740202
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:962F033ABAAD07DE0457CBB588F0F70B
                                                                                                                                                                                                                      SHA1:D5AD47031A15577897528113C77EC4B003FC62DF
                                                                                                                                                                                                                      SHA-256:C43D83145A3B4F1DBC388DD8173AC36412D4050B6BCEA11D1B1AE0154C40A458
                                                                                                                                                                                                                      SHA-512:8E1F5271CD04FEB72E8B72E5820EDB2B77E291AEE8BE083B3AEE252EFE2881F95DA6C726BAB8EB2C746D5A5C480C336F16C278D6651C95B47F214796A1F4270C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):432313
                                                                                                                                                                                                                      Entropy (8bit):6.674047317815154
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:197D67966B364D93432D0BAE9EC4A38E
                                                                                                                                                                                                                      SHA1:81C56F5C6746ABF6704B086DD43693ED0233B2CA
                                                                                                                                                                                                                      SHA-256:7684A1001DBA5ACB07B13C530CD76A33DEAE9AA22BA56203756894423131947E
                                                                                                                                                                                                                      SHA-512:A366092631E5CD9E2E8EAE60485C526C7227DEC3207C2B64A64CC065339E46FEA79DED6F0341EBAD346BE58136B460309BEF2CB54A13405BB88BA7509243D61E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5490791
                                                                                                                                                                                                                      Entropy (8bit):7.995643167540278
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:1F8CC7B280B1BA74E784B2FF7CF74F95
                                                                                                                                                                                                                      SHA1:602CF5248E8C47D803480B1BF21A674E4D22D2B9
                                                                                                                                                                                                                      SHA-256:8B6EFFC81CFB127E62C4D89681DC5764DB013429769D792A25588773C8834697
                                                                                                                                                                                                                      SHA-512:4F8FE54BC3B80F40745844656895261AF11D96800DD5B472065867F88BFD78AE5D7754709FF566B79E6F75257E2685153E2EFCDAE46D95753A30EE3E48870A49
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):9089483
                                                                                                                                                                                                                      Entropy (8bit):5.76822087975522
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:AAC5D4FA92A9488D3A5C8B84EAC88D0D
                                                                                                                                                                                                                      SHA1:A5BE44FAF880D2681EE65D3E2B14BA7559724464
                                                                                                                                                                                                                      SHA-256:0C79287AD37A550B786EF5752EAF36963DA07F210A998BC37D59DDF0703D34C5
                                                                                                                                                                                                                      SHA-512:DE5A111E9B4C9DEAFB08DD6ED2863C3468BF868F1EC92F466BE6EC8EA417C33F293899E71B7FC924D4887E239E387883167271BBB71644273362B8F191762256
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.....K...K...K..{"files":{"node_modules":{"files":{"@gar":{"files":{"promisify":{"files":{"LICENSE.md":{"size":1094,"offset":"0","integrity":{"algorithm":"SHA256","hash":"ef7d10c21fe01e47a90973abda734e9be75162e5f561a84e95c5dcb9adbb89ea","blockSize":4194304,"blocks":["ef7d10c21fe01e47a90973abda734e9be75162e5f561a84e95c5dcb9adbb89ea"]}},"index.js":{"size":967,"offset":"1094","integrity":{"algorithm":"SHA256","hash":"a4fe100eb176ab95328881fe9490ac91e72d3d2992ac7fb2b9562d264156a8a3","blockSize":4194304,"blocks":["a4fe100eb176ab95328881fe9490ac91e72d3d2992ac7fb2b9562d264156a8a3"]}},"package.json":{"size":440,"offset":"2061","integrity":{"algorithm":"SHA256","hash":"8012d0cdd159557951b1cb6e25177feb5e6f01d007f09adacf897335db41be99","blockSize":4194304,"blocks":["8012d0cdd159557951b1cb6e25177feb5e6f01d007f09adacf897335db41be99"]}}}}}},"abbrev":{"files":{"LICENSE":{"size":2011,"offset":"2501","integrity":{"algorithm":"SHA256","hash":"9e0d5c7989f7e9f07d7c4b158aceff270f235eb7464ace41c5e7b200834a4
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):102
                                                                                                                                                                                                                      Entropy (8bit):4.331589587768789
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:8BFA0767133CF5A88CB8B59C50F572C8
                                                                                                                                                                                                                      SHA1:65A2FD7EF93BD79780933E585D9FCE26024801A5
                                                                                                                                                                                                                      SHA-256:12FA21EEE0C543B12B40854C69351B4380CB40C787086A7FD84AB2FE57EE732F
                                                                                                                                                                                                                      SHA-512:E37417405CEC0C2504DA45C6411DC5394F55F58FA520B67D7C8FD6F4CC9BC580243F16B393A3A300CFB66F0CD110372C7190F8E5EAE7737D9CC0C9F8AE930B34
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.vscode...prettierrc.yml..benchmarks/...gitattributes...yarnrc..vendor/..yarn-error.log..build..dist..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1092
                                                                                                                                                                                                                      Entropy (8bit):5.143012802579419
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:3B61E428C54A07B7248645DFEDB36013
                                                                                                                                                                                                                      SHA1:0ACE4B8D51EB110CC2DECD48F175EF075EB417AF
                                                                                                                                                                                                                      SHA-256:371FCC6C09ADA2D6103115F65CBE5E892893086C3ABE837859753150FCFB808E
                                                                                                                                                                                                                      SHA-512:85FB8BA315F84E660225D3C280CE15B69401847A07DCF083F48EDAFC20A704FFA8D358EA05EA447DA5727BF8E3BFB951FF36A07AC8F2C13C362461727145BA4A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MIT License....Copyright (c) 2017 GitHub Desktop....Permission is hereby granted, free of charge, to any person obtaining a copy..of this software and associated documentation files (the "Software"), to deal..in the Software without restriction, including without limitation the rights..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the Software is..furnished to do so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):358
                                                                                                                                                                                                                      Entropy (8bit):5.010107582434513
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:39EEA2CCCDE33B9C0258EC07195E917A
                                                                                                                                                                                                                      SHA1:04B9F033567B2F04A4AA3F6598AE4A22C4C30651
                                                                                                                                                                                                                      SHA-256:6D61050B076FE4E0FD609F0170F3F0C087738A7E1EA790254DE37249A02DEEBE
                                                                                                                                                                                                                      SHA-512:51AACAD23A65A77DC8AD3194A0508AEA225828193FDCB03C03B3AB1DA552CAB82451149040BDDBBA4C08B96D941D049D93BE17A669A16B629B5EFE8D84DC180A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project>.. <ProjectOutputs>.. <ProjectOutput>.. <FullPath>C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\registry.node</FullPath>.. </ProjectOutput>.. </ProjectOutputs>.. <ContentFiles />.. <SatelliteDlls />.. <NonRecipeFileRefs />..</Project>
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (1599), with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):6838
                                                                                                                                                                                                                      Entropy (8bit):3.6269428327970608
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:76A074177A008BD6592CC7C0CD27832E
                                                                                                                                                                                                                      SHA1:B95F52445D29785609953E0CB87F90453DE56F27
                                                                                                                                                                                                                      SHA-256:DFB9A548636D573AAD5CA15347B7963D4AB78D2430DDAD6247B14EC4A5AE3855
                                                                                                                                                                                                                      SHA-512:A90658F17922007EC2F7F9F215BF25CB7D99EC915870A49FC3F0D9F8B79FC619E6B50C8D63BF1009FA09C29454790AA02BBC0C732C56506A7B9A61B7D8779620
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.S.R.C.\.M.A.I.N...C.C...../.c. ./.I.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.O.N.-.G.Y.P.\.2.8...0...0.-.A.L.P.H.A...6.\.I.N.C.L.U.D.E.\.N.O.D.E.". ./.I.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.O.N.-.G.Y.P.\.2.8...0...0.-.A.L.P.H.A...6.\.S.R.C.". ./.I.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.O.N.-.G.Y.P.\.2.8...0...0.-.A.L.P.H.A...6.\.D.E.P.S.\.O.P.E.N.S.S.L.\.C.O.N.F.I.G.". ./.I.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.O.N.-.G.Y.P.\.2.8...0...0.-.A.L.P.H.A...6.\.D.E.P.S.\.O.P.E.N.S.S.L.\.O.P.E.N.S.S.L.\.I.N.C.L.U.D.E.". ./.I.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.O.N.-.G.Y.P.\.2.8...0...0.-.A.L.P.H.A...6.\.D.E.P.S.\.U.V.\.I.N.C.L.U.D.E.". ./.I.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):63754
                                                                                                                                                                                                                      Entropy (8bit):3.4614895529602623
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:12B442AFC82726E201B3C3B9DC3EBE0E
                                                                                                                                                                                                                      SHA1:0F1E5D3FFD84724022F13AB9840E79C304E73887
                                                                                                                                                                                                                      SHA-256:DAA9FE15DA53F9DE30E56ED6728C85CCE8DE546E05F167911254875201F8405C
                                                                                                                                                                                                                      SHA-512:74F169BBFAB15E243496378B9AE3AE80EDF6FF14BAFB26439DAF7F1F645E27136E2A96C7921FB5087D529E70925DBFFBB7C34B6EC6A0E874E678C33D3DEA1275
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.S.R.C.\.M.A.I.N...C.C.....C.:.\.W.I.N.D.O.W.S.\.G.L.O.B.A.L.I.Z.A.T.I.O.N.\.S.O.R.T.I.N.G.\.S.O.R.T.D.E.F.A.U.L.T...N.L.S.....C.:.\.P.R.O.G.R.A.M. .F.I.L.E.S.\.M.I.C.R.O.S.O.F.T. .V.I.S.U.A.L. .S.T.U.D.I.O.\.2.0.2.2.\.P.R.O.F.E.S.S.I.O.N.A.L.\.V.C.\.T.O.O.L.S.\.M.S.V.C.\.1.4...4.2...3.4.4.3.3.\.B.I.N.\.H.O.S.T.X.6.4.\.X.6.4.\.1.0.3.3.\.C.L.U.I...D.L.L.....C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.N.O.D.E._.M.O.D.U.L.E.S.\.N.O.D.E.-.A.D.D.O.N.-.A.P.I.\.N.A.P.I...H.....C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.O.N.-.G.Y.P.\.2.8...0...0.-.A.L.P.H.A...6.\.I.N.C.L.U.D.E.\.N.O.D.E.\.N.O.D.E._.A.P.I...H.....C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\...E.L.E.C.T.R.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):992
                                                                                                                                                                                                                      Entropy (8bit):3.202206171980942
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:10B7C35F9848E9C0FF5A072817357272
                                                                                                                                                                                                                      SHA1:58E7A913CA0A4E0CCA38D19738F6E4AA6F230D17
                                                                                                                                                                                                                      SHA-256:9E5636F94F62B626ADF3EBD848ECA1C4F0401D0A95E5AE83B1AB6AF08AA51ADF
                                                                                                                                                                                                                      SHA-512:EFE1055B7BC7F07BC67F8F2838DDFB7B2EC89CEC747D850BB1534E6316AFE8FA45B384F95576840C9B809DF041BCEFED89247D498AB2164C0C88152062AB06FC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.S.R.C.\.M.A.I.N...C.C.....C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.S.R.C.\.M.A.I.N...O.B.J.....^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.@.E.L.E.C.T.R.O.N.\.N.O.D.E.-.G.Y.P.\.S.R.C.\.W.I.N._.D.E.L.A.Y._.L.O.A.D._.H.O.O.K...C.C.....C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.W.I.N._.D.E.L.A.Y._.L.O.A.D._.H.O.O.K...O.B.J.....
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):491
                                                                                                                                                                                                                      Entropy (8bit):4.564486549151659
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:2BDFA3B9EAB7B54EA0A339D5BB3B6F46
                                                                                                                                                                                                                      SHA1:E989A95174BBE00EB4A002C33FE1316748F5DBCF
                                                                                                                                                                                                                      SHA-256:F5C919B52842015CBCC9D87CFD6612E9CECD754337EA71E85FCB9A3BB19102BA
                                                                                                                                                                                                                      SHA-512:521B1455DC7B680A6D7DB6310565720AF5E3FE425A07113A67C1105713A92A924AF6200FA1562374E43E388E1A4F362D488E92E4665026CEC98B52784200D4E4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\src\main.cc;C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\obj\registry\src\main.obj..C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\@electron\node-gyp\src\win_delay_load_hook.cc;C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\obj\registry\win_delay_load_hook.obj..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with very long lines (742), with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2100
                                                                                                                                                                                                                      Entropy (8bit):3.493428326279486
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:A3C304CFA14B08D0F192845F488A81EC
                                                                                                                                                                                                                      SHA1:6814F4CB97BBA1C8E9CD0F7C8A8CEF0478216E14
                                                                                                                                                                                                                      SHA-256:18EF3F80513585753022605D674ED7F014C16DCCC457D2F0062A4ED1825A0BE8
                                                                                                                                                                                                                      SHA-512:D64D8F6D668B0F6C34BDE2CFF3B010F9239B0F9085117DD323400169459FA9EC48256664694FEF5F6F48DEA53B8C03F96B9932DE149635626C8757A00FC2E2E4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.S.R.C.\.M.A.I.N...O.B.J.|.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.W.I.N._.D.E.L.A.Y._.L.O.A.D._.H.O.O.K...O.B.J...../.O.U.T.:.".C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.R.E.G.I.S.T.R.Y...N.O.D.E.". ./.I.N.C.R.E.M.E.N.T.A.L.:.N.O. ./.N.O.L.O.G.O. .K.E.R.N.E.L.3.2...L.I.B. .U.S.E.R.3.2...L.I.B. .G.D.I.3.2...L.I.B. .W.I.N.S.P.O.O.L...L.I.B. .C.O.M.D.L.G.3.2...L.I.B. .A.D.V.A.P.I.3.2...L.I.B. .S.H.E.L.L.3.2...L.I.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5562
                                                                                                                                                                                                                      Entropy (8bit):3.456032172188702
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:9ED53D6FE25C5A43AFC596A6BBC2BF67
                                                                                                                                                                                                                      SHA1:C854727A9D83A2C6E9636CC44B6B6C48A7BFF28A
                                                                                                                                                                                                                      SHA-256:E77E916122DAB0F7F82AF4B05CD8125CE9D18B7186C781F819CA637E13945DEE
                                                                                                                                                                                                                      SHA-512:03BF83B3150E4ECFF194C99027EE7962D586A8BF6B4F6791DB9EFCDCE90FD7301EFEE24033EBA83F4052FA7EC27C3236B1837980E124E46E53B6B18357E8C932
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.S.R.C.\.M.A.I.N...O.B.J.|.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.W.I.N._.D.E.L.A.Y._.L.O.A.D._.H.O.O.K...O.B.J.....C.:.\.P.R.O.G.R.A.M. .F.I.L.E.S. .(.X.8.6.).\.W.I.N.D.O.W.S. .K.I.T.S.\.1.0.\.L.I.B.\.1.0...0...2.6.1.0.0...0.\.U.M.\.X.6.4.\.K.E.R.N.E.L.3.2...L.I.B.....C.:.\.P.R.O.G.R.A.M. .F.I.L.E.S. .(.X.8.6.).\.W.I.N.D.O.W.S. .K.I.T.S.\.1.0.\.L.I.B.\.1.0...0...2.6.1.0.0...0.\.U.M.\.X.6.4.\.U.S.E.R.3.2...L.I.B.....C.:.\.P.R.O.G.R.A.M. .F.I.L.E.S. .(.X.8.6.).\.W.I.N.D.O.W.S. .K.I.T.S.\.1.0.\.L.I.B.\.1.0...0...2.6.1.0.0...0.\.U.M.\.X.6.4.\.G.D.I.3.2...L.I.B.....C.:.\.P.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):735
                                                                                                                                                                                                                      Entropy (8bit):5.084801379447032
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:2F9B5B9E42F4AE36F85C4114BC9542F9
                                                                                                                                                                                                                      SHA1:F5F74796F750C42399188228D3A621FB8C63B39C
                                                                                                                                                                                                                      SHA-256:45F4840E7952CEE5CBC115DFD85C0F883BAB9EC539D1BAA4771E0251E7C6E481
                                                                                                                                                                                                                      SHA-512:497711FF0230A6D1BD789D7842728677D965E008810D0C88A8839AFB912103F53067054749871658FC44DB551C4239EC6D580A247F7784A67EA44A8FC4E4A33E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:^C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\OBJ\REGISTRY\SRC\MAIN.OBJ|C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\OBJ\REGISTRY\WIN_DELAY_LOAD_HOOK.OBJ..C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\registry.LIB..C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\registry.EXP..C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\registry.IPDB..C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\registry.IOBJ..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1006
                                                                                                                                                                                                                      Entropy (8bit):3.165801761884196
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:690F8A9AE7D3B059C45464FE843AD650
                                                                                                                                                                                                                      SHA1:9CF0A2596B073FE80B3AF237AD2956B5D375B33C
                                                                                                                                                                                                                      SHA-256:2EC5F24F888B0A70F4729C6C90965CCEBE2CC04C2665968E6927918BF9D18DD0
                                                                                                                                                                                                                      SHA-512:872D897A18C4A0C681106087FB838DBA5E970FC922C7288E7E50107C116CAA3E6741202C7DA0C9A7F0C4ADD58BBD62022FA90BBDB3092D960429F7B8B9D5C9D7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:..^.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.S.R.C.\.M.A.I.N...O.B.J.|.C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.O.B.J.\.R.E.G.I.S.T.R.Y.\.W.I.N._.D.E.L.A.Y._.L.O.A.D._.H.O.O.K...O.B.J.....C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.R.E.G.I.S.T.R.Y...N.O.D.E.....C.:.\.U.S.E.R.S.\.A.D.M.I.N.I.S.T.R.A.T.O.R.\.D.E.S.K.T.O.P.\.L.E.E.T. .S.T.E.A.L.E.R.\.A.P.I.\.C.R.Y.P.T.E.R.\.S.C.R.I.P.T.\.N.O.D.E._.M.O.D.U.L.E.S.\.R.E.G.I.S.T.R.Y.-.J.S.\.B.U.I.L.D.\.R.E.L.E.A.S.E.\.R.E.G.I.S.T.R.Y...P.D.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):225
                                                                                                                                                                                                                      Entropy (8bit):5.096873505523068
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:95743AFE046B44F2A95C03AEAD2722C2
                                                                                                                                                                                                                      SHA1:0F4E05B34D109F17961D010F5299043D36352D53
                                                                                                                                                                                                                      SHA-256:107CA1BEAE8C711FAAAB92628F4BD8EBE24480BBC03C4DF0A16A650C6DE4963E
                                                                                                                                                                                                                      SHA-512:E31F72DA458A55F2558EB7A468575986FD9968E20A46AC6E35193A1C9520056A4E1E9611064D48D7DD60C35410EBCF8BD16642FB8DAEE1EF191378FD6529FE53
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.42.34433:TargetPlatformVersion=10.0.26100.0:..Release|x64|C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\|..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:Intel amd64 COFF object file, not stripped, 2 sections, symbol offset=0x313, 12 symbols, 1st section name ".edata"
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1066
                                                                                                                                                                                                                      Entropy (8bit):4.681617752853548
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:4BCA1B7D1E8012001FE8E7C5460233CE
                                                                                                                                                                                                                      SHA1:802A64DE18A53D45918B639BE0EEDF707FD260E5
                                                                                                                                                                                                                      SHA-256:40021E5890E767D8512C96CD9AE5AED24C001B4FC80AED85618DD7C3FC724023
                                                                                                                                                                                                                      SHA-512:B842DA1272487CD4A0DC33DE85BDAB7B0BF8FBD817FE0B53194199D8FAA5521CE05CABC997FABEAA76F337AF741687D5DF1187F88D720352290C0516037AA7A7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:d....................edata..............d...............@..@.debug$S............:...............@..B............................................................registry.node.napi_register_module_v1.node_api_module_get_api_version_v1...................... .........$.........(.........0.........,.........4.....................y.......C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build\Release\registry.exp.+.<.................*.....Microsoft (R) LINK...=..cwd.C:\Users\Administrator\Desktop\Leet Stealer\Api\crypter\script\node_modules\registry-js\build.exe.C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.42.34433\bin\HostX64\x64\link.exe....8.....napi_register_module_v1.).8.....node_api_module_get_api_version_v1.@comp.id..........@feat.00...........edata.............debug$S..........szName..<.........rgpv....(.........rgszName0.........rgwOrd..8.........$N00001.J.........$N00002.b..........................................
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:Intel amd64 COFF object file, not stripped, 1002 sections, symbol offset=0x7b495, 3049 symbols, created Sun Dec 22 21:30:23 2024, 1st section name ".drectve"
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):618942
                                                                                                                                                                                                                      Entropy (8bit):5.129879433537868
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:18F300403A8CCB5620B709D4F75CBEBA
                                                                                                                                                                                                                      SHA1:FABECE11492ED18C8EFB1A482DD126AA5565C875
                                                                                                                                                                                                                      SHA-256:03064625E4A0CEBC5F46AA310834C7248935C292055454B245B418E6E5CDE1B8
                                                                                                                                                                                                                      SHA-512:FA2DDF7EBBFACBD5EE90D2C87A6610689CEA95E37A52E07EFC597E79520A994864C548BA9BBE8830B345939231B2B4E86B2586B9956EF105EA6E26F3B6B8E2F8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:d....hg.............drectve........N........................debug$S........L;.....>...........@..B.debug$T............................@..B.debug$S.........M..R....&..........@..B.debug$T............................@..B.rdata...............&..............@.@@.rdata..............7&..?&..........@.@@.rdata..............I&..............@.@@.rdata..............[&..............@.@@.rdata..............p&..............@.@@.rdata..............x&..............@.@@.rdata...............&..............@.@@.rdata...............&..............@.@@.rdata...............&..............@.@@.rdata.........."....&..............@.@@.rdata...............&..............@.@@.rdata...............'..............@.@@.rdata...............'..............@.@@.rdata..............+'..............@.@@.rdata..............A'..............@.@@.rdata..............N'..............@.@@.rdata..............V'..............@.@@.rdata..............n'..............@.@@.rdata.........."....'..............@.@@.rdata..........,...
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):270688
                                                                                                                                                                                                                      Entropy (8bit):2.379353143410592
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:654A914E64AD14F82D59A76991B3E1F6
                                                                                                                                                                                                                      SHA1:334AEFF6AF9DE8C5501DFD6E1C32471FAB5B1188
                                                                                                                                                                                                                      SHA-256:4D78883A5965DD47FAA3FBCDA8B4871552C61F62287DEE98C1D7F81D7A9D24A8
                                                                                                                                                                                                                      SHA-512:1993E53EC6D3E6BDF40EA28CE314FEA58DA97D28CE5232A9E01107BD452893EE9081A1BF6E7D9064FB3E6396CB1B34DE1F4FCAB38DD350D1EE4CE0D2E00C2566
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:current ar archive
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2092
                                                                                                                                                                                                                      Entropy (8bit):4.723982668011139
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:764BFB3BE0E83E7FF4D697AF7F8BF914
                                                                                                                                                                                                                      SHA1:41E97D0F47EEB69E56712AF50563A6FE834BE8ED
                                                                                                                                                                                                                      SHA-256:CB69F5A14B8344FB06FBABA0C948D9026AD434CA732A8F52576F0BF4BA052CFF
                                                                                                                                                                                                                      SHA-512:C380AAA868FE0F4E15F80089B960D60C452F69EFCDFAD9DA6B36A5FB32AD99193F6343F37EAE9A0C4F25A76281BC3F4E81B7B2D2B55F4B1DB01732B9FC3BCA01
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:!<arch>./ -1 0 242 `........n...........4...4........__IMPORT_DESCRIPTOR_registry.__NULL_IMPORT_DESCRIPTOR..registry_NULL_THUNK_DATA.__imp_napi_register_module_v1.napi_register_module_v1.__imp_node_api_module_get_api_version_v1.node_api_module_get_api_version_v1./ -1 0 252 `.....n...........4.........................__IMPORT_DESCRIPTOR_registry.__NULL_IMPORT_DESCRIPTOR.__imp_napi_register_module_v1.__imp_node_api_module_get_api_version_v1.napi_register_module_v1.node_api_module_get_api_version_v1..registry_NULL_THUNK_DATA.registry.node/ -1 0 499 `.d...B................debug$S........C...................@..B.idata$2............................@.0..idata$6............................@. ..............registry.node'.................*....Microsoft (R) LINK..................................................registry.node.@comp.id.............................idata$2@..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):207360
                                                                                                                                                                                                                      Entropy (8bit):6.256839530385664
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:B363E97D52338FF0FCD16D3FE175A481
                                                                                                                                                                                                                      SHA1:80632F68D760D7346DEAE0099F13827ED63D672E
                                                                                                                                                                                                                      SHA-256:E822956E500B5907AC4DB1FC0A5EB860D8979C9566E1C48A5E5FDB3F4435BECF
                                                                                                                                                                                                                      SHA-512:5727A722693C384D9040DD3E922959E738E881CD82A1A2229A1B8B2B5A588FAE4EA4B310F27BABD9128ABF2584F7CF41A74F065920B10558098DA0C4D6AA628D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............................................................................................@...........Rich....................PE..d.....hg.........." ...*.............}....................................................`.................................................h...<....`.......0..4............p..........p...........................p...@............0......,...@....................text............................... ..`.rdata.......0......."..............@..@.data...............................@....pdata..4....0......................@..@.fptable.....P......................@....rsrc........`....... ..............@..@.reloc.......p......."..............@..B................................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (671)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):12650
                                                                                                                                                                                                                      Entropy (8bit):5.612087719311082
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:AF3F32492193966419D340CC114A6CF2
                                                                                                                                                                                                                      SHA1:933CA2F3059D52ACC67F7D563AAA2E5AD488400E
                                                                                                                                                                                                                      SHA-256:EB99EA8733AFA0D9987F134F57AD1422868A2E8B0A39FBE2F03CF8774854BEA3
                                                                                                                                                                                                                      SHA-512:5498B942F84529ABE4ABB5924D666471258A2DB6CE25B90A839BAD7C30AA0E0DC7BB63CE90C8084168A384A0BBB842FBF8817CF0D1ABD8AE69B87D360FD58267
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>.<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">. <ItemGroup Label="ProjectConfigurations">. <ProjectConfiguration Include="Debug|x64">. <Configuration>Debug</Configuration>. <Platform>x64</Platform>. </ProjectConfiguration>. <ProjectConfiguration Include="Release|x64">. <Configuration>Release</Configuration>. <Platform>x64</Platform>. </ProjectConfiguration>. </ItemGroup>. <PropertyGroup Label="Globals">. <ProjectGuid>{AB6C7AE3-D559-EA33-9639-12637490C49E}</ProjectGuid>. <Keyword>Win32Proj</Keyword>. <RootNamespace>registry</RootNamespace>. <IgnoreWarnCompileDuplicatedFilename>true</IgnoreWarnCompileDuplicatedFilename>. <PreferredToolArchitecture>x64</PreferredToolArchitecture>. <WindowsTargetPlatformVersion>10.0.26100.0</WindowsTargetPlatformVersion>. </PropertyGroup>. <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.prop
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3077
                                                                                                                                                                                                                      Entropy (8bit):5.275276028009429
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:BE76B7CCDA1FEB92E7307E23C90451EB
                                                                                                                                                                                                                      SHA1:B18D4D7E0A3328146B773E8FE990907CDD015634
                                                                                                                                                                                                                      SHA-256:A173695E18EC24DFAD4C52F714A972028DB7727CAD7192AE658539173C73DC88
                                                                                                                                                                                                                      SHA-512:488A9435D4521C712E34DB973DD0DF4E65A9A2BADC92412AFD2BED1BE1FC591FF7E73DF8241E17D81CB2EE9F93FEA1A6988CA2774DCD76B252DA3446ADC85A9C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8"?>.<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">. <ItemGroup>. <Filter Include="..">. <UniqueIdentifier>{739DB09A-CC57-A953-A6CF-F64FA08E4FA7}</UniqueIdentifier>. </Filter>. <Filter Include="..\src">. <UniqueIdentifier>{8CDEE807-BC53-E450-C8B8-4DEBB66742D4}</UniqueIdentifier>. </Filter>. <Filter Include="C:">. <UniqueIdentifier>{7B735499-E5DD-1C2B-6C26-70023832A1CF}</UniqueIdentifier>. </Filter>. <Filter Include="C:\Users">. <UniqueIdentifier>{E9F714C1-DA89-54E2-60CF-39FEB20BF756}</UniqueIdentifier>. </Filter>. <Filter Include="C:\Users\Administrator">. <UniqueIdentifier>{89691E1D-2E39-3D29-B33C-136FE588BEC3}</UniqueIdentifier>. </Filter>. <Filter Include="C:\Users\Administrator\Desktop">. <UniqueIdentifier>{B23D6E4D-7634-EF57-62FC-46A6189C0B6E}</UniqueIdentifier>. </Filter>. <Filter Include="C:\Users\Administrator\Desktop\Leet Stealer">.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):658
                                                                                                                                                                                                                      Entropy (8bit):5.062522256402601
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:1B753840717BA9708D4AFBFED7C5ECAE
                                                                                                                                                                                                                      SHA1:188CAA6D370515112EC3818CF89CE10A04712AE5
                                                                                                                                                                                                                      SHA-256:F8A6CC69584E07A08A4E72BA1C89BFE791AF854A62D2085F230A95A6E2ED8DA4
                                                                                                                                                                                                                      SHA-512:264F46934D2F96B2B5F0399E991FEF48EBC8C8D2292F58FCC8D39B4A27734B2A2F667F2E706B851CA8FB3A54027561EF3F305FA357DC6275001257113EFB7C60
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:"use strict";..var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {.. if (k2 === undefined) k2 = k;.. Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });..}) : (function(o, m, k, k2) {.. if (k2 === undefined) k2 = k;.. o[k2] = m[k];..}));..var __exportStar = (this && this.__exportStar) || function(m, exports) {.. for (var p in m) if (p !== "default" && !exports.hasOwnProperty(p)) __createBinding(exports, m, p);..};..Object.defineProperty(exports, "__esModule", { value: true });..__exportStar(require("./registry"), exports);..//# sourceMappingURL=index.js.map
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):128
                                                                                                                                                                                                                      Entropy (8bit):4.614159942690316
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:2DCA8F76E5031B5E3C04A2C49CF3C9DA
                                                                                                                                                                                                                      SHA1:11DF7F83A921C7ABD996D344E7585ECC9908A9A7
                                                                                                                                                                                                                      SHA-256:0BBA03610CF289DE9E8B201F7FF8898BF7C36C23D42E1BD67B15C9F6292D935B
                                                                                                                                                                                                                      SHA-512:39BB28A541F8871A21CA7D152C5EF4F3E03A2DC1B01A14BCE7091DA808B879BC8039C95CBD76ED64351F5C2F0D1F78B5E69194A0FFA0F02E33F58CC0116AB4C6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"version":3,"file":"index.js","sourceRoot":"","sources":["../../lib/index.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,6CAA0B"}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5821
                                                                                                                                                                                                                      Entropy (8bit):5.285204757142173
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:7084662C3E6624DAE025C24F4D307854
                                                                                                                                                                                                                      SHA1:860F0A84208663D434671E9B94048EE57A00997E
                                                                                                                                                                                                                      SHA-256:41589EC896A2D3B80311FC2325E1385F9D91DD15D0BF384C85DDA403AC3E7871
                                                                                                                                                                                                                      SHA-512:A7E9DD3ACDF0DF55CC14CB45E253BE10BC2872FFDE9ED90EE11475AA3E086E9C94A023B2D435FDBAACCBA2DAB6E9074E4A0DCB68D09B98BFB9CDE70ABEAF9DE9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:"use strict";..Object.defineProperty(exports, "__esModule", { value: true });..exports.setValueSafe = exports.setValue = exports.createKeySafe = exports.createKey = exports.enumerateKeysSafe = exports.enumerateKeys = exports.enumerateValuesSafe = exports.enumerateValues = exports.HKEY = exports.RegistryValueType = void 0;..const nativeModule = process.platform === 'win32'.. ? require('../../build/Release/registry.node').. : null;../**.. * Utility function used to achieve exhaustive type checks at compile time... *.. * If the type system is bypassed or this method will throw an exception.. * using the second parameter as the message... *.. * @param {x} Placeholder parameter in order to leverage the type.. * system. Pass the variable which has been type narrowed.. * in an exhaustive check... *.. * @param {message} The message to be used in the runtime exception... *.. */..function assertNever(x, message) {.. throw new Error(message);..}../
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3471
                                                                                                                                                                                                                      Entropy (8bit):3.8177180825801895
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:F9F52D7604BFDE2CBCEF4D06497A8B50
                                                                                                                                                                                                                      SHA1:1311CA1E1AAEBD42A5CC81AE10B9062215EF1845
                                                                                                                                                                                                                      SHA-256:B401771FED6BD7B3BC8FCD7ED64C6367C1FBF84D60455A0A24F19038555E0F2D
                                                                                                                                                                                                                      SHA-512:B5FA80C82EBEAFB6A7F4CC6BF23BDC72BDF3276032568F40AE8076BFDFE40CFDFC093172E4E5C9E53C63F685758631EE981CAEE22558701BF3201A0488C2C49B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../lib/registry.ts"],"names":[],"mappings":";;;AAAA,MAAM,YAAY,GAChB,OAAO,CAAC,QAAQ,KAAK,OAAO;IAC1B,CAAC,CAAC,OAAO,CAAC,mCAAmC,CAAC;IAC9C,CAAC,CAAC,IAAI,CAAA;AAEV;;;;;;;;;;;;GAYG;AACH,SAAS,WAAW,CAAC,CAAQ,EAAE,OAAe;IAC5C,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAA;AAC1B,CAAC;AAED;;;;GAIG;AACH,IAAY,iBAYX;AAZD,WAAY,iBAAiB;IAC3B,8CAAyB,CAAA;IACzB,4CAAuB,CAAA;IACvB,wEAAmD,CAAA;IACnD,kEAA6C,CAAA;IAC7C,oDAA+B,CAAA;IAC/B,0CAAqB,CAAA;IACrB,kDAA6B,CAAA;IAC7B,0CAAqB,CAAA;IACrB,4CAAuB,CAAA;IACvB,wEAAmD,CAAA;IACnD,sCAAiB,CAAA;AACnB,CAAC,EAZW,iBAAiB,GAAjB,yBAAiB,KAAjB,yBAAiB,QAY5B;AAiBD,IAAY,IAWX;AAXD,WAAY,IAAI;IACd,+CAAuC,CAAA;IACvC,mDAA2C,CAAA;IAC3C,uCAA+B,CAAA;IAC/B,6EAAqE,CAAA;IACrE,+CAAuC,CAAA;IACvC,iDAAyC,CAAA;IACzC,uDAA+C,CAAA;IAC/C,uDAA+C,CAAA;IAC/C,6DAAqD,CAAA;IACrD,iCAAyB,CAAA;AAC3B,CAAC,EAXW,IAAI,GAAJ,YAAI,KAAJ,YAAI,QAWf;AAED,SAAS,SAAS,CAAC,GAAS;IAC1B,IAAI,GAAG,KAAK,IAAI,CAAC,iBAAiB;QAAE,OAAO,UAAU,CAAA;IACrD,IAAI,GAAG,KAAK,IAAI,CAAC,i
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):135
                                                                                                                                                                                                                      Entropy (8bit):5.355689931154668
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:DF3213A53F3CE3092379CA771E98AF7C
                                                                                                                                                                                                                      SHA1:8E2FE7FC814A39D590CF170CCC989A166D505C1E
                                                                                                                                                                                                                      SHA-256:0F78062E714965D168FB51F1CB507AA95DD6270B563D04679ADF2506245A62B3
                                                                                                                                                                                                                      SHA-512:E1714D08FD73E64BC3BDB65280ACFE932FB903817EB84F249048DD4E41D11A2EFBE3EE3C92E6C33B12DC34A43DA3EB9DCA1A99C194A3F36BC641DC28314F8DE2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict';.module.exports = function () {..return /[\u001b\u009b][[()#;?]*(?:[0-9]{1,4}(?:;[0-9]{0,4})*)?[0-9A-PRZcf-nqry=><]/g;.};.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1119
                                                                                                                                                                                                                      Entropy (8bit):5.1078795238525405
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:A12EBCA0510A773644101A99A867D210
                                                                                                                                                                                                                      SHA1:0C94F137F6E0536DB8CB2622A9DC84253B91B90C
                                                                                                                                                                                                                      SHA-256:6FB9754611C20F6649F68805E8C990E83261F29316E29DE9E6CEDAE607B8634C
                                                                                                                                                                                                                      SHA-512:AE79E7A4209A451AEF6B78F7B0B88170E7A22335126AC345522BF4EAFE0818DA5865AAE1507C5DC0224EF854548C721DF9A84371822F36D50CBCD97FA946EEE9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TO
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):641
                                                                                                                                                                                                                      Entropy (8bit):4.793320245279793
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:DDBA9F83EBEB4B837EB97AA853F294FB
                                                                                                                                                                                                                      SHA1:CB277084750101873B5FD079018DFC9C48B7AFD7
                                                                                                                                                                                                                      SHA-256:A0CA03D3167CE026E2D8DD55481EC427272C2D2E3E130B7635FE7F70897E895F
                                                                                                                                                                                                                      SHA-512:AA0BD9A118267FA22FCD1D84D68E3781A58AA0C356397B83A76E3205DCD6440C77CADF77143C4715A9FEF3C4B03A6D3EFDD6557165F4114B4838548DFEDDB380
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "ansi-regex",. "version": "2.1.1",. "description": "Regular expression for matching ANSI escape codes",. "license": "MIT",. "repository": "chalk/ansi-regex",. "author": {. "name": "Sindre Sorhus",. "email": "sindresorhus@gmail.com",. "url": "sindresorhus.com". },. "maintainers": [. "Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)",. "Joshua Appelman <jappelman@xebia.com> (jbnicolai.com)",. "JD Ballard <i.am.qix@gmail.com> (github.com/qix-)". ],. "engines": {. "node": ">=0.10.0". },. "files": [. "index.js". ],. "devDependencies": {. "ava": "0.17.0",. "xo": "0.16.0". }.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):752
                                                                                                                                                                                                                      Entropy (8bit):5.0549042450081485
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:9D215C9223FBEF14A4642CC450E7ED4B
                                                                                                                                                                                                                      SHA1:279F47BEDBC7BB9520C5F26216B2323E8F0E728E
                                                                                                                                                                                                                      SHA-256:0CEF05DFFF8B6AA7F35596984F5709F0D17C2582924A751EFA471A76DE7CDC11
                                                                                                                                                                                                                      SHA-512:5E4BA806F279089D705E909E3C000674C4186D618D6AB381619099F8895AF02979F3FC9ABB43F78B9FFED33B90A7861F6C4B9D6C1BB47ED14A79E7F90ECA833C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Copyright (c) 2015, Rebecca Turner <me@re-becca.org>..Permission to use, copy, modify, and/or distribute this software for any.purpose with or without fee is hereby granted, provided that the above.copyright notice and this permission notice appear in all copies...THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES.WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF.MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR.ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES.WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN.ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF.OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE...
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3966
                                                                                                                                                                                                                      Entropy (8bit):5.013536326867824
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:021ED2CA21E6B17E6C9CEA7878CEAF4B
                                                                                                                                                                                                                      SHA1:0FDB9DAC7E82E5156F5D4237175F00313CBB3E44
                                                                                                                                                                                                                      SHA-256:DF0DBEADDD66465687A5B4C4EC28BDADE1343E416CABEFCE7048565584571A2A
                                                                                                                                                                                                                      SHA-512:A710B53787CDFA4C2EF92FA8E97B5A5C2ADC4619405A494C635D9B6FC7AAD173F261B44A410301EE67ED2502782872B32CDBC2EAF6477529D354622FDFE8A986
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'..function isArguments (thingy) {. return thingy != null && typeof thingy === 'object' && thingy.hasOwnProperty('callee').}..var types = {. '*': {label: 'any', check: function () { return true }},. A: {label: 'array', check: function (thingy) { return Array.isArray(thingy) || isArguments(thingy) }},. S: {label: 'string', check: function (thingy) { return typeof thingy === 'string' }},. N: {label: 'number', check: function (thingy) { return typeof thingy === 'number' }},. F: {label: 'function', check: function (thingy) { return typeof thingy === 'function' }},. O: {label: 'object', check: function (thingy) { return typeof thingy === 'object' && thingy != null && !types.A.check(thingy) && !types.E.check(thingy) }},. B: {label: 'boolean', check: function (thingy) { return typeof thingy === 'boolean' }},. E: {label: 'error', check: function (thingy) { return thingy instanceof Error }},. Z: {label: 'null', check: function (thingy) { return thingy == null }}.}..function
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):534
                                                                                                                                                                                                                      Entropy (8bit):4.709787541773083
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:EAD84B03DC8B5204F6A6CE6A8E5FC20C
                                                                                                                                                                                                                      SHA1:B5AC2CF0A1480CB70777BD89CC6BEE59D8990890
                                                                                                                                                                                                                      SHA-256:9E10E195D199B1613AF457E188BD8795DC7DE03A8810438BA6ACE69ACDCAB9F4
                                                                                                                                                                                                                      SHA-512:C11064C142AB2D67ED592AA1D31E590B778B15935CA589EAEAFD9237FC4D01D3FBA226BE463AEBE61A9B32907044D483BF922ACF35D691AFB95223F1174C95E0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "aproba",. "version": "1.2.0",. "description": "A ridiculously light-weight argument validator (now browser friendly)",. "main": "index.js",. "directories": {. "test": "test". },. "dependencies": {},. "devDependencies": {. "standard": "^10.0.3",. "tap": "^10.0.2". },. "files": [. "index.js". ],. "repository": {. "type": "git",. "url": "https://github.com/iarna/aproba". },. "author": "Rebecca Turner <me@re-becca.org>",. "license": "ISC",. "homepage": "https://github.com/iarna/aproba".}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1324
                                                                                                                                                                                                                      Entropy (8bit):4.876489003158665
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:32B0438CC0EC8F717B40DC465B168DB1
                                                                                                                                                                                                                      SHA1:BA86BF24ADD4F59F50F0C322F8744B37B370BA21
                                                                                                                                                                                                                      SHA-256:2B994F448BC58933B4905AD38537F354B09CC1CBBF4D168C5F4C2E43E948189F
                                                                                                                                                                                                                      SHA-512:A0B4E6ADBEDBF797B58DB9678ECF1AF883E92F83338BF90400658C48C0319BAE435E5C4565C9901C9875C4CFA22A476321FD9EE25573C63108C5CDA497385374
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Hi, figured we could actually use a changelog now:..## 1.1.5 2018-05-24..* [#92](https://github.com/iarna/are-we-there-yet/pull/92) Fix bug where. `finish` would throw errors when including `TrackerStream` objects in. `TrackerGroup` collections. (@brianloveswords)..## 1.1.4 2017-04-21..* Fix typo in package.json..## 1.1.3 2017-04-21..* Improve documentation and limit files included in the distribution...## 1.1.2 2016-03-15..* Add tracker group cycle detection and tests for it..## 1.1.1 2016-01-29..* Fix a typo in stream completion tracker..## 1.1.0 2016-01-29..* Rewrote completion percent computation to be low impact..no more walking a. tree of completion groups every time we need this info. Previously, with. medium sized tree of completion groups, even a relatively modest number of. calls to the top level `completed()` method would result in absurd numbers. of calls overall as it walked down the tree. We now, instead, keep track as. we bubble up changes, so the computation
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (485)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):733
                                                                                                                                                                                                                      Entropy (8bit):4.964396492723911
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:039A23DA29F56411E6D75D7B7BC9DE13
                                                                                                                                                                                                                      SHA1:13B22B5C5F89EDC3F31E092B7298CD65687E7250
                                                                                                                                                                                                                      SHA-256:FF75AAA5AAF56005EEEA7723B287F9DF3DD45B33B310A7EB347D3AB28EA26593
                                                                                                                                                                                                                      SHA-512:F81B02B55F89D2C03CF2CBB01042E3F10047CD62933FF7C966A9E05090042E0E8F24495346853909486941750E3C00D09C54760E1D43F54F8F99B0BEBDDD937F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Copyright (c) 2015, Rebecca Turner..Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies...THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):163
                                                                                                                                                                                                                      Entropy (8bit):4.360207212169072
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:A9C06E81DA780A0568FA5A53E8D7E4FE
                                                                                                                                                                                                                      SHA1:D154805F279E1F7708732426E960AB7990FFFBE2
                                                                                                                                                                                                                      SHA-256:7A427679A9B245F02D66BB09AEAA5337BDFF29375D05F3F34E7133B61001BB69
                                                                                                                                                                                                                      SHA-512:79C8F738B2397A79F192EA55E6145A4333C3B555C230D32840A06CA9DACCC5B75F547AE56DCC28561F2D6AEA9C033C24CAB385E344D8697234654B6FD909BA2C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.exports.TrackerGroup = require('./tracker-group.js').exports.Tracker = require('./tracker.js').exports.TrackerStream = require('./tracker-stream.js').
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):694
                                                                                                                                                                                                                      Entropy (8bit):4.7286595537570815
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:BA61E7E78DB4BB4B28BCA0C80518F397
                                                                                                                                                                                                                      SHA1:F86708B2BCBE5651707931437797911079E7A196
                                                                                                                                                                                                                      SHA-256:B3F4117452D17E539C63F5381CC721377019C1B78275D36472F37FC0E5C00004
                                                                                                                                                                                                                      SHA-512:A26439437108C7C911A012435F9F6A1BF5145497FAC2EA8E6C082AC6E0D251836F6C21D17544772C6F2FA44256C22834AFF0D2F328CCF752BBC510CB988062FA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "are-we-there-yet",. "version": "1.1.7",. "description": "Keep track of the overall completion of many disparate processes",. "main": "index.js",. "repository": {. "type": "git",. "url": "https://github.com/iarna/are-we-there-yet.git". },. "author": "Rebecca Turner (http://re-becca.org)",. "license": "ISC",. "homepage": "https://github.com/iarna/are-we-there-yet",. "devDependencies": {. "standard": "^11.0.1",. "tap": "^12.0.1". },. "dependencies": {. "delegates": "^1.0.0",. "readable-stream": "^2.0.6". },. "files": [. "index.js",. "tracker-base.js",. "tracker-group.js",. "tracker-stream.js",. "tracker.js",. "CHANGES.md". ].}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):274
                                                                                                                                                                                                                      Entropy (8bit):4.559004129705898
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:BE36DBDA2EE54D2785109F0BE5037A3D
                                                                                                                                                                                                                      SHA1:7246C8D6F9FAA94A98ED31353CBDF41C62CE20FB
                                                                                                                                                                                                                      SHA-256:733F287BDE0281DAA16A3EE8E006266C37D7AA81A5750C2E2379535FEA265977
                                                                                                                                                                                                                      SHA-512:06988D323D031313FCA8F459FC06E334D3B1D96DC9841BD99FAF6AB8FE74E25345F2B9F6EAF2116D8A45BD80A4A39B7C3B5597C94B7A7219EAE2D032A6D2426B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var EventEmitter = require('events').EventEmitter.var util = require('util')..var trackerId = 0.var TrackerBase = module.exports = function (name) {. EventEmitter.call(this). this.id = ++trackerId. this.name = name.}.util.inherits(TrackerBase, EventEmitter).
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3231
                                                                                                                                                                                                                      Entropy (8bit):4.744135922006623
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:58FDFAE17DCCD3EE7579725EDC085045
                                                                                                                                                                                                                      SHA1:7DD60BCD62AA5385DE69E4B5D6E91362ED305616
                                                                                                                                                                                                                      SHA-256:BEEEF4C39FB6B32F2C5B2EF59E9CF09DE45D3C2516299D0ED811654A6B1AEB32
                                                                                                                                                                                                                      SHA-512:503462D2FD3C8E796D81134FB1296DFBEBFB82201AB905D97E58A07CED7A32255E62896613E593940F157F57906D1B8B4B3F1CD09C4E6FADEF713407B6AAB9AC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var util = require('util').var TrackerBase = require('./tracker-base.js').var Tracker = require('./tracker.js').var TrackerStream = require('./tracker-stream.js')..var TrackerGroup = module.exports = function (name) {. TrackerBase.call(this, name). this.parentGroup = null. this.trackers = []. this.completion = {}. this.weight = {}. this.totalWeight = 0. this.finished = false. this.bubbleChange = bubbleChange(this).}.util.inherits(TrackerGroup, TrackerBase)..function bubbleChange (trackerGroup) {. return function (name, completed, tracker) {. trackerGroup.completion[tracker.id] = completed. if (trackerGroup.finished) return. trackerGroup.emit('change', name || trackerGroup.name, trackerGroup.completed(), trackerGroup). }.}..TrackerGroup.prototype.nameInTree = function () {. var names = []. var from = this. while (from) {. names.unshift(from.name). from = from.parentGroup. }. return names.join('/').}..TrackerGroup.prototype.addUnit = function (u
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):963
                                                                                                                                                                                                                      Entropy (8bit):4.7109500028049505
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:8943DEBCB908885A2A4840ABF4A90442
                                                                                                                                                                                                                      SHA1:19F5B9705CFAC18BB20F36B448AC67E864A1C784
                                                                                                                                                                                                                      SHA-256:E550B2D2EE5720B7B140A73B625D1CEF6550152B1EDBD7264488C3BD54611B6F
                                                                                                                                                                                                                      SHA-512:FE1C0DA206DD9A2A9F102D69191576AC3F69140D6B3FD44091107152E4CD1138B32B1D648D945BC7D2A06B8006CC4FA167B727835D8C5E403E6B8060773555AE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var util = require('util').var stream = require('readable-stream').var delegate = require('delegates').var Tracker = require('./tracker.js')..var TrackerStream = module.exports = function (name, size, options) {. stream.Transform.call(this, options). this.tracker = new Tracker(name, size). this.name = name. this.id = this.tracker.id. this.tracker.on('change', delegateChange(this)).}.util.inherits(TrackerStream, stream.Transform)..function delegateChange (trackerStream) {. return function (name, completion, tracker) {. trackerStream.emit('change', name, completion, trackerStream). }.}..TrackerStream.prototype._transform = function (data, encoding, cb) {. this.tracker.completeWork(data.length ? data.length : 1). this.push(data). cb().}..TrackerStream.prototype._flush = function (cb) {. this.tracker.finish(). cb().}..delegate(TrackerStream.prototype, 'tracker'). .method('completed'). .method('addWork'). .method('finish').
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):826
                                                                                                                                                                                                                      Entropy (8bit):4.774381340594019
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:0713EA137FDD7B83574B0025CE2669F6
                                                                                                                                                                                                                      SHA1:6AFD823DFE51E31C67FD4E79A9DB24790E7770D9
                                                                                                                                                                                                                      SHA-256:10ABE0873555228627D7A4098AA104CB94FC609FC237C2061D6C25011DAB0117
                                                                                                                                                                                                                      SHA-512:1E6221649A844B889B41165E2D312D198D70D936641235ACFA3B5FAAFE190E9D9E730EB1D4779167CD107DC40B4268FA0E118B1A679E992F458B93082F7C0964
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var util = require('util').var TrackerBase = require('./tracker-base.js')..var Tracker = module.exports = function (name, todo) {. TrackerBase.call(this, name). this.workDone = 0. this.workTodo = todo || 0.}.util.inherits(Tracker, TrackerBase)..Tracker.prototype.completed = function () {. return this.workTodo === 0 ? 0 : this.workDone / this.workTodo.}..Tracker.prototype.addWork = function (work) {. this.workTodo += work. this.emit('change', this.name, this.completed(), this).}..Tracker.prototype.completeWork = function (work) {. this.workDone += work. if (this.workDone > this.workTodo) this.workDone = this.workTodo. this.emit('change', this.name, this.completed(), this).}..Tracker.prototype.finish = function () {. this.workTodo = this.workDone = 1. this.emit('change', this.name, 1, this).}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1023
                                                                                                                                                                                                                      Entropy (8bit):4.916006976461456
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:5598003B6AB5F2B33234B8CB739368B9
                                                                                                                                                                                                                      SHA1:8F2596EC2A5FD70C5B056ADE193D5954BCB01FBA
                                                                                                                                                                                                                      SHA-256:A9F58E84017F49D7C3932D2E46F5DEDE98B19E38F2C8F0C694D3BE586769AFB9
                                                                                                                                                                                                                      SHA-512:F0DAEC45B54BD66DBE11596A0682DC7CFD92004C7C7403E875A5A02614D26C18FE64D6ECD68598686A96908BF4259A5CB787CCBA81BF873A057E0335163CD5CD
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict';.const {PassThrough: PassThroughStream} = require('stream');.const zlib = require('zlib');.const mimicResponse = require('mimic-response');..const decompressResponse = response => {..const contentEncoding = (response.headers['content-encoding'] || '').toLowerCase();...if (!['gzip', 'deflate', 'br'].includes(contentEncoding)) {...return response;..}...const isBrotli = contentEncoding === 'br';..if (isBrotli && typeof zlib.createBrotliDecompress !== 'function') {...return response;..}...const decompress = isBrotli ? zlib.createBrotliDecompress() : zlib.createUnzip();..const stream = new PassThroughStream();...mimicResponse(response, stream);...decompress.on('error', error => {...// Ignore empty response...if (error.code === 'Z_BUF_ERROR') {....stream.end();....return;...}....stream.emit('error', error);..});...response.pipe(decompress).pipe(stream);...return stream;.};..module.exports = decompressResponse;.// TODO: remove this in the next major version.module.exports.default
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (460)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1109
                                                                                                                                                                                                                      Entropy (8bit):5.0681506929270785
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:915042B5DF33C31A6DB2B37EADAA00E3
                                                                                                                                                                                                                      SHA1:5AAF48196DDD4D007A3067AA7F30303CA8E4B29C
                                                                                                                                                                                                                      SHA-256:48DA2F39E100D4085767E94966B43F4FA95FF6A0698FBA57ED460914E35F94A0
                                                                                                                                                                                                                      SHA-512:9C8B2DEF76AE5FFE4D636166BF9635D7ABD69CDAC4BF819A2145F7969646D39AE95C96364BC117F9FA544B98518C294233455D4F665AF430C75D70798DD4AB13
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MIT License..Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)..Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHE
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):618
                                                                                                                                                                                                                      Entropy (8bit):4.542647033146019
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:679865DA190AC785C98FA8A8F4CE8E2C
                                                                                                                                                                                                                      SHA1:64AE55BB222ADF7AE12147A82E185B775656A60F
                                                                                                                                                                                                                      SHA-256:85EF8A08CA7F8BFE3EB2482393A84D9913FEB20BDBD58284493AFC8FF529113B
                                                                                                                                                                                                                      SHA-512:F520432DC0445071466D2FFE184985A790C6FA2473C07272C998777BAB09F2AB1980686D193F2508FD1B401C588E1CCDE948D9D1445CF04E37F34EC5D3BB3E3B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "decompress-response",. "version": "4.2.1",. "description": "Decompress a HTTP response if needed",. "license": "MIT",. "repository": "sindresorhus/decompress-response",. "author": {. "name": "Sindre Sorhus",. "email": "sindresorhus@gmail.com",. "url": "sindresorhus.com". },. "engines": {. "node": ">=8". },. "files": [. "index.js",. "index.d.ts". ],. "dependencies": {. "mimic-response": "^2.0.0". },. "devDependencies": {. "@types/node": "^12.7.1",. "ava": "^2.2.0",. "get-stream": "^5.0.0",. "pify": "^4.0.1",. "tsd": "^0.7.1",. "xo": "^0.24.0". }.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):11357
                                                                                                                                                                                                                      Entropy (8bit):4.4265944416265475
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:E3FC50A88D0A364313DF4B21EF20C29E
                                                                                                                                                                                                                      SHA1:92170CDC034B2FF819323FF670D3B7266C8BFFCD
                                                                                                                                                                                                                      SHA-256:B40930BBCF80744C86C46A12BC9DA056641D722716C378F5659B9E555EF833E1
                                                                                                                                                                                                                      SHA-512:389080B6132D3EAAE780648D6998390D8CC71908561BCE09578E27C542AA1A9F3122E01F640C5B01BEE73004C23AA4E9F2066FE5EE0CA2072C2420578B28D71F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview: Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial owne
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):371
                                                                                                                                                                                                                      Entropy (8bit):5.008050973507508
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:ED91C87113AE1CC70C196295E8CE8A05
                                                                                                                                                                                                                      SHA1:6DC7E6EEB69A6E4DBD886675878538B4DE21314D
                                                                                                                                                                                                                      SHA-256:99A4F0B6EBE4B213E904A3563973DA0B98CABA8B7F2877FBBE5084AEADEEB307
                                                                                                                                                                                                                      SHA-512:FCEB0747A61C7955640A25F87067E67EF89B5224AE05BBBE56F1D90D09D2D563A7C1C6F06BCF417EBFE80103D7BCAB6B2D55195D0A142CFB4E4CAEA4AAD10D89
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:#!/usr/bin/env node..'use strict';..var spawnSync = require('child_process').spawnSync;.var libc = require('../');..var spawnOptions = {. env: process.env,. shell: true,. stdio: 'inherit'.};..if (libc.isNonGlibcLinux) {. spawnOptions.env.LIBC = process.env.LIBC || libc.family;.}..process.exit(spawnSync(process.argv[2], process.argv.slice(3), spawnOptions).status);.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2182
                                                                                                                                                                                                                      Entropy (8bit):4.916953387017982
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:E1DB4F7BFD72A6E075319DFD0D893092
                                                                                                                                                                                                                      SHA1:4341118000599A96669629929534A91D0A0B8F02
                                                                                                                                                                                                                      SHA-256:F3D658268111D4DDBC38B1C4CC67BD49FF0418CD7B0110E0BA42B530CDF80DD6
                                                                                                                                                                                                                      SHA-512:CC8DB31377F12C67C2C8246CCA9BC62FE9BF387D41EF5EB783148195419B0E80F3D0F0323F444B1A364DEFC1CE85785BBB9C10120406BA553B34E2C6409F0E6A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict';..var platform = require('os').platform();.var spawnSync = require('child_process').spawnSync;.var readdirSync = require('fs').readdirSync;..var GLIBC = 'glibc';.var MUSL = 'musl';..var spawnOptions = {. encoding: 'utf8',. env: process.env.};..if (!spawnSync) {. spawnSync = function () {. return { status: 126, stdout: '', stderr: '' };. };.}..function contains (needle) {. return function (haystack) {. return haystack.indexOf(needle) !== -1;. };.}..function versionFromMuslLdd (out) {. return out.split(/[\r\n]+/)[1].trim().split(/\s/)[1];.}..function safeReaddirSync (path) {. try {. return readdirSync(path);. } catch (e) {}. return [];.}..var family = '';.var version = '';.var method = '';..if (platform === 'linux') {. // Try getconf. var glibc = spawnSync('getconf', ['GNU_LIBC_VERSION'], spawnOptions);. if (glibc.status === 0) {. family = GLIBC;. version = glibc.stdout.trim().split(' ')[1];. method = 'getconf';. } else {. // Try ldd. va
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):584
                                                                                                                                                                                                                      Entropy (8bit):4.716016510648684
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:BA9D574B3433EDDE99EC7D51F57D31FD
                                                                                                                                                                                                                      SHA1:AD91BFD6FC61C4D50C312D8C0A5BFB4C93410D80
                                                                                                                                                                                                                      SHA-256:52D3B8B7A1D28565BF52307C861EDA7F4ACBBB8E36F1C100B73A4D4E2C94CD4E
                                                                                                                                                                                                                      SHA-512:78CCB93A38C7E7FCDCA974EB303DC75E145DB8B344157D29E2F654AB97C4E47E97772FAC5CEE3DD87666C6E2ABF043514E0C4F109FDBB9A3C1D082BD4C718B18
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "detect-libc",. "version": "1.0.3",. "description": "Node.js module to detect the C standard library (libc) implementation family and version",. "main": "lib/detect-libc.js",. "bin": {. "detect-libc": "./bin/detect-libc.js". },. "repository": {. "type": "git",. "url": "git://github.com/lovell/detect-libc". },. "author": "Lovell Fuller <npm@lovell.info>",. "license": "Apache-2.0",. "devDependencies": {. "ava": "^0.23.0",. "nyc": "^11.3.0",. "proxyquire": "^1.8.0",. "semistandard": "^11.0.0". },. "engines": {. "node": ">=0.10". }.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):751
                                                                                                                                                                                                                      Entropy (8bit):5.053913342996983
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:43ABBC6F9093AEA69560715033788727
                                                                                                                                                                                                                      SHA1:CE0C4782BDBD720BAF4D2484E5B71728D3A943AF
                                                                                                                                                                                                                      SHA-256:AF83B3CE4E592E87B4ECFA8C8CB45BC4EC26D0B3FB8F34F3687088F6928F705F
                                                                                                                                                                                                                      SHA-512:467863BDEEEA29FF067FABA6A6A6E70241BEB1ABECF7DE264EBFF36B3A497E4F3E124B180560F7812FE4180447E8045827532332BAE008603B06954CC7681605
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Copyright (c) 2014, Rebecca Turner <me@re-becca.org>..Permission to use, copy, modify, and/or distribute this software for any.purpose with or without fee is hereby granted, provided that the above.copyright notice and this permission notice appear in all copies...THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES.WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF.MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR.ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES.WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN.ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF.OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):395
                                                                                                                                                                                                                      Entropy (8bit):4.65064524812252
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:F7D82C66BB1B9C300B72CC24D214FB6E
                                                                                                                                                                                                                      SHA1:ABE6CBA0FC12D2B82D5BD84543F5C3E9B2BA5E3A
                                                                                                                                                                                                                      SHA-256:AD22F4A05D105265611188E123E4A7EE07BE6D28DC5EF39C98B4F686E7A902A7
                                                                                                                                                                                                                      SHA-512:663E16C0C9179EC8DE0DCB0AFE34C44AA7F2511F5C296CD6F305906BF12112628DDC668E5EEC53C039B8A904F0514DD0B239A13D6E98E50FB6C702FE2B93F55E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var spin = require('./spin.js').var progressBar = require('./progress-bar.js')..module.exports = {. activityIndicator: function (values, theme, width) {. if (values.spun == null) return. return spin(theme, values.spun). },. progressbar: function (values, theme, width) {. if (values.completed == null) return. return progressBar(theme, width, values.completed). }.}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):616
                                                                                                                                                                                                                      Entropy (8bit):4.664170599632696
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:528E2CB56F65929AA4376E585005F1A4
                                                                                                                                                                                                                      SHA1:04E38F90829460D150C24677F678BE9C59A1986D
                                                                                                                                                                                                                      SHA-256:2957DC2045A462606DF224526D880FCC7A472BC992A74B0DB9B23BF1984A9B20
                                                                                                                                                                                                                      SHA-512:C49EEE8427B3315EA6866F094C55DB240B6D7D889A520CC3FB0400ECD25D59C064E9C137FB004F657B03D2F21BE56C00FB7ABEF9E0EF2462D8B9AD75C112EB6D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var util = require('util')..var User = exports.User = function User (msg) {. var err = new Error(msg). Error.captureStackTrace(err, User). err.code = 'EGAUGE'. return err.}..exports.MissingTemplateValue = function MissingTemplateValue (item, values) {. var err = new User(util.format('Missing template value "%s"', item.type)). Error.captureStackTrace(err, MissingTemplateValue). err.template = item. err.values = values. return err.}..exports.Internal = function Internal (msg) {. var err = new Error(msg). Error.captureStackTrace(err, Internal). err.code = 'EGAUGEINTERNAL'. return err.}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):292
                                                                                                                                                                                                                      Entropy (8bit):4.961694585234008
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:BBFD402B1F17BCC7FDDD251BE53FEBCC
                                                                                                                                                                                                                      SHA1:A1E073083F20B6CC77B8D164267E14E58771C909
                                                                                                                                                                                                                      SHA-256:921BA24F2AA18494F12C19E48EE6F9713D5EC158C86CD529BAC26CB18D26F6E5
                                                                                                                                                                                                                      SHA-512:34AD365BFA81F83AE099F13C610A640E269DF9AC7202150E3C4356EA3593EF8FFD22E344A9EEFC91086752E974F284CB54D30D4F5FD18DDC5645BDC8ADA69178
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'..module.exports = isWin32() || isColorTerm()..function isWin32 () {. return process.platform === 'win32'.}..function isColorTerm () {. var termHasColor = /^screen|^xterm|^vt100|color|ansi|cygwin|linux/i. return !!process.env.COLORTERM || termHasColor.test(process.env.TERM).}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):6999
                                                                                                                                                                                                                      Entropy (8bit):4.879143723755625
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:B281079040E5949E3FFEB958BF6E0D65
                                                                                                                                                                                                                      SHA1:5961EDCF3D4483CBE20646A2BE39E7339FD21F09
                                                                                                                                                                                                                      SHA-256:F92C0E6D52B4445754AAF90FDCC6BD603AA3269CAABC71C40DBF660088880FCF
                                                                                                                                                                                                                      SHA-512:530EFC5A4A838C4F00BF12A23923C8BC436355F82596CCA71B1B78FCBCB7A95120B42DE57A29358E4F5460C722FEBED22FB7E6E15F6A285BD3C5C2E42DAF2183
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var Plumbing = require('./plumbing.js').var hasUnicode = require('has-unicode').var hasColor = require('./has-color.js').var onExit = require('signal-exit').var defaultThemes = require('./themes').var setInterval = require('./set-interval.js').var process = require('./process.js').var setImmediate = require('./set-immediate')..module.exports = Gauge..function callWith (obj, method) {. return function () {. return method.call(obj). }.}..function Gauge (arg1, arg2) {. var options, writeTo. if (arg1 && arg1.write) {. writeTo = arg1. options = arg2 || {}. } else if (arg2 && arg2.write) {. writeTo = arg2. options = arg1 || {}. } else {. writeTo = process.stderr. options = arg1 || arg2 || {}. }.. this._status = {. spun: 0,. section: '',. subsection: ''. }. this._paused = false // are we paused for back pressure?. this._disabled = true // are all progress bar updates disabled?. this._showing = false // do we WANT the progress bar on scree
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1145
                                                                                                                                                                                                                      Entropy (8bit):4.713703274968255
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:714FF9D2950D5FAFAFE5C09195FD5FC0
                                                                                                                                                                                                                      SHA1:08E5BF35459E89EEA8FFA9B55F532AE927195D36
                                                                                                                                                                                                                      SHA-256:9456DC4D33AA19AFB40121D8AAD7522899F29FE6D585174A9E4AF0BD8800BCA1
                                                                                                                                                                                                                      SHA-512:29F497277ED572F782A80C9EEC34E22AFBF2941906F81C01FCC2B32BB1B4A29490D47E2ED9C8D4EF8F8B963B39227C75513EDE7302FE6C4367A02AA7CCD8712C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "gauge",. "version": "2.7.4",. "description": "A terminal based horizontal guage",. "main": "index.js",. "repository": {. "type": "git",. "url": "https://github.com/iarna/gauge". },. "author": "Rebecca Turner <me@re-becca.org>",. "license": "ISC",. "homepage": "https://github.com/iarna/gauge",. "dependencies": {. "aproba": "^1.0.3",. "console-control-strings": "^1.0.0",. "has-unicode": "^2.0.0",. "object-assign": "^4.1.0",. "signal-exit": "^3.0.0",. "string-width": "^1.0.1",. "strip-ansi": "^3.0.1",. "wide-align": "^1.1.0". },. "devDependencies": {. "readable-stream": "^2.0.6",. "require-inject": "^1.4.0",. "standard": "^7.1.2",. "tap": "^5.7.2",. "through2": "^2.0.0". },. "files": [. "base-theme.js",. "CHANGELOG.md",. "error.js",. "has-color.js",. "index.js",. "LICENSE",. "package.json",. "plumbing.js",. "process.js",. "progress-bar.js",. "README.md",. "render-template.js",. "s
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1269
                                                                                                                                                                                                                      Entropy (8bit):4.812631067521913
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:097136F02DDD13C2FA1D00467BE17D58
                                                                                                                                                                                                                      SHA1:F6183D68482B5EB91D0D4FCEA01D66739B36FAF9
                                                                                                                                                                                                                      SHA-256:0DB8C804E8D5B02A1F7EFF072D3D7701F2CC5DB341074BBE1E4BDD6CA8E3AA95
                                                                                                                                                                                                                      SHA-512:5E1F13D155E59A9407B93C49A9A219EF06F3322FCD6893145563CC6C8CCAFBCDB87B11BF4728939835197DBE3B2EAA8E602FCABF41FD930E86724C1C10A3C639
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var consoleControl = require('console-control-strings').var renderTemplate = require('./render-template.js').var validate = require('aproba')..var Plumbing = module.exports = function (theme, template, width) {. if (!width) width = 80. validate('OAN', [theme, template, width]). this.showing = false. this.theme = theme. this.width = width. this.template = template.}.Plumbing.prototype = {}..Plumbing.prototype.setTheme = function (theme) {. validate('O', [theme]). this.theme = theme.}..Plumbing.prototype.setTemplate = function (template) {. validate('A', [template]). this.template = template.}..Plumbing.prototype.setWidth = function (width) {. validate('N', [width]). this.width = width.}..Plumbing.prototype.hide = function () {. return consoleControl.gotoSOL() + consoleControl.eraseLine().}..Plumbing.prototype.hideCursor = consoleControl.hideCursor..Plumbing.prototype.showCursor = consoleControl.showCursor..Plumbing.prototype.show = function (status) {. var val
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):89
                                                                                                                                                                                                                      Entropy (8bit):4.173406223573972
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:337306F3FC6274ECD4F9E7C7CEEFFB1D
                                                                                                                                                                                                                      SHA1:8710BC75E47006D96F52C5A8CE8AC224F3E2356D
                                                                                                                                                                                                                      SHA-256:742BD2D12A7786E595955C8A846DBEFE88591DF39C2659491BDDADBB8ED7DAE6
                                                                                                                                                                                                                      SHA-512:DDBB842E803E1F170ADF8EF41E209EB2CD0B857F2605E816EBEFAE3F4C9BC40F70A4FB1B32FBFEED04ED2465D8D19BE573A3958DF51DF7503817766A705A9DE4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.// this exists so we can replace it during testing.module.exports = process.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):998
                                                                                                                                                                                                                      Entropy (8bit):4.716891710573431
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:3CC6FC14B07AF0CEE1C09E3B5051ADD3
                                                                                                                                                                                                                      SHA1:285ABDF17D57765EBE2D807D484851E83F932292
                                                                                                                                                                                                                      SHA-256:0E7F113040C0380731E6B6597A74D7909F4C7A25E3A8909CB06AFCD96D95ABDC
                                                                                                                                                                                                                      SHA-512:C1090398757DC5FC372A4BC2CCBA6C136BDC7FA9605FDB8DFFE40FA32467B0581EA02935C8EA2277327DA6173254198E82CB378C95ED1090C2C517C3E206FEB6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var validate = require('aproba').var renderTemplate = require('./render-template.js').var wideTruncate = require('./wide-truncate').var stringWidth = require('string-width')..module.exports = function (theme, width, completed) {. validate('ONN', [theme, width, completed]). if (completed < 0) completed = 0. if (completed > 1) completed = 1. if (width <= 0) return ''. var sofar = Math.round(width * completed). var rest = width - sofar. var template = [. {type: 'complete', value: repeat(theme.complete, sofar), length: sofar},. {type: 'remaining', value: repeat(theme.remaining, rest), length: rest}. ]. return renderTemplate(width, template, theme).}..// lodash's way of repeating.function repeat (string, width) {. var result = ''. var n = width. do {. if (n % 2) {. result += string. }. n = Math.floor(n / 2). /*eslint no-self-assign: 0*/. string += string. } while (n && stringWidth(result) < width).. return wideTruncate(result, width).}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5739
                                                                                                                                                                                                                      Entropy (8bit):4.736972297430681
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:A5AD81E4F407436ED067BD4ED0E0F607
                                                                                                                                                                                                                      SHA1:1D4B5D10409FF9258D8C8459080A98BBEB7189FD
                                                                                                                                                                                                                      SHA-256:291274E3C3E3F680B248935DCD5296C4F76B2E592045231A6D5347782D57DBEB
                                                                                                                                                                                                                      SHA-512:CA9B0DC9470FEA264C1C44B7D946955CA4C9409750D732C5614C1D6953CBD26F8A20EE90BECC32DE1245820CEC67DE811AF06232E108C1005FF19E0033166FC1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var align = require('wide-align').var validate = require('aproba').var objectAssign = require('object-assign').var wideTruncate = require('./wide-truncate').var error = require('./error').var TemplateItem = require('./template-item')..function renderValueWithValues (values) {. return function (item) {. return renderValue(item, values). }.}..var renderTemplate = module.exports = function (width, template, values) {. var items = prepareItems(width, template, values). var rendered = items.map(renderValueWithValues(values)).join(''). return align.left(wideTruncate(rendered, width), width).}..function preType (item) {. var cappedTypeName = item.type[0].toUpperCase() + item.type.slice(1). return 'pre' + cappedTypeName.}..function postType (item) {. var cappedTypeName = item.type[0].toUpperCase() + item.type.slice(1). return 'post' + cappedTypeName.}..function hasPreOrPost (item, values) {. if (!item.type) return. return values[preType(item)] || values[postType(item
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):139
                                                                                                                                                                                                                      Entropy (8bit):4.4913549644851685
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E5CB7C218A0F9437498FA48539DD3DD2
                                                                                                                                                                                                                      SHA1:0EE3511B6DAC6BD821FF613BC07FEAFE664CCF3F
                                                                                                                                                                                                                      SHA-256:90DBB2E127D9B971731B2094B2516A463243E4074367DD4129FE2849EF598514
                                                                                                                                                                                                                      SHA-512:D712323110DE5977513F9BCFD945BBB3310A4C45DAC8CAC949A27F7E99F20E0A1A63E200E8BFDC56AA756E3FC670724E953521CBC6C3A2A2E06AFADCF845DCD1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var process = require('./process').try {. module.exports = setImmediate.} catch (ex) {. module.exports = process.nextTick.}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):93
                                                                                                                                                                                                                      Entropy (8bit):4.241995613138929
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:CF1C3E0E4BC3B07ADF812B1C70E8BDBD
                                                                                                                                                                                                                      SHA1:5C2C33590101B8947FDFE9A22BA1D17B1F1E4D70
                                                                                                                                                                                                                      SHA-256:19D2FA52118A39A7810EFEB7BCE45418F3E55EE7B445C85811D07A2F73B7BBB7
                                                                                                                                                                                                                      SHA-512:D4D9F8DD9C997ECAF5A45A88E6627747701B38995EFC956CAF611A3679499896C08134A797C51A90B0A5A1DAD71B0C6A7F65BADEC68F568F9655BD486C7894E4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.// this exists so we can replace it during testing.module.exports = setInterval.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):105
                                                                                                                                                                                                                      Entropy (8bit):4.294394152450316
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:35D56B687E0E510544D77FB01F350406
                                                                                                                                                                                                                      SHA1:B2A1975A8A0D714909FE8D5056804700FEFD11D3
                                                                                                                                                                                                                      SHA-256:4DDB202944FD4E556EDC68107B1A1F33DD25F1910876D2BF04EB5A58AE060C9D
                                                                                                                                                                                                                      SHA-512:D1A19D4AA31DBD4B1793CDFD9B388004E948636C86CAA48120E49A252F3922F4C611C9EC70FA3AB043042C4797C89248607A627025EEA1483C2327751F880B95
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'..module.exports = function spin (spinstr, spun) {. return spinstr[spun % spinstr.length].}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1904
                                                                                                                                                                                                                      Entropy (8bit):4.670466876400621
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:5B4AE4B9EC5331E9C9D1F721146AF2EC
                                                                                                                                                                                                                      SHA1:44EA3E6D6CE673580FB2D20CB6A83E53BA59C197
                                                                                                                                                                                                                      SHA-256:AD544689AB58CB73A30EF89B33A10E3A805B5C22BFF8B37F7F0C5B9A48F7E34A
                                                                                                                                                                                                                      SHA-512:81900B25BB772A07E203219BF0891C219AD5D02FBD36A8066EB8EAC7B4FA51E4E3FFAA1B1ECD48357DA2DD3E6EB7DB287C9527260DFA09395EB279AE5B43C184
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var stringWidth = require('string-width')..module.exports = TemplateItem..function isPercent (num) {. if (typeof num !== 'string') return false. return num.slice(-1) === '%'.}..function percent (num) {. return Number(num.slice(0, -1)) / 100.}..function TemplateItem (values, outputLength) {. this.overallOutputLength = outputLength. this.finished = false. this.type = null. this.value = null. this.length = null. this.maxLength = null. this.minLength = null. this.kerning = null. this.align = 'left'. this.padLeft = 0. this.padRight = 0. this.index = null. this.first = null. this.last = null. if (typeof values === 'string') {. this.value = values. } else {. for (var prop in values) this[prop] = values[prop]. }. // Realize percents. if (isPercent(this.length)) {. this.length = Math.round(this.overallOutputLength * percent(this.length)). }. if (isPercent(this.minLength)) {. this.minLength = Math.round(this.overallOutputLength * percent(this.minL
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3693
                                                                                                                                                                                                                      Entropy (8bit):4.864055911292372
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:4770D98862414436FB700E2F1F5C6327
                                                                                                                                                                                                                      SHA1:6916F70AE783E1B92B6F4089B95A0D1B15280755
                                                                                                                                                                                                                      SHA-256:3A6960A56CE064192D7CCFE4645C92745EBFC6CDBBCE29DC10350EBAFA8AB022
                                                                                                                                                                                                                      SHA-512:375710F3368A38D5E46F73E1C866083AAD6C4B4C2169D185940189981BCF74323889D639F8B5962314FAF5F762D8958C2457C322D9AEE77098E24806C5F72C1E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var objectAssign = require('object-assign')..module.exports = function () {. return ThemeSetProto.newThemeSet().}..var ThemeSetProto = {}..ThemeSetProto.baseTheme = require('./base-theme.js')..ThemeSetProto.newTheme = function (parent, theme) {. if (!theme) {. theme = parent. parent = this.baseTheme. }. return objectAssign({}, parent, theme).}..ThemeSetProto.getThemeNames = function () {. return Object.keys(this.themes).}..ThemeSetProto.addTheme = function (name, parent, theme) {. this.themes[name] = this.newTheme(parent, theme).}..ThemeSetProto.addToAllThemes = function (theme) {. var themes = this.themes. Object.keys(themes).forEach(function (name) {. objectAssign(themes[name], theme). }). objectAssign(this.baseTheme, theme).}..ThemeSetProto.getTheme = function (name) {. if (!this.themes[name]) throw this.newMissingThemeError(name). return this.themes[name].}..ThemeSetProto.setDefault = function (opts, name) {. if (name == null) {. name = opts.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1543
                                                                                                                                                                                                                      Entropy (8bit):4.935026427619443
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:E07E8E0552CC1F3C6A9FAF25C74E0D75
                                                                                                                                                                                                                      SHA1:2556B438216C7F2CE9985C2E3350A8DD7E419394
                                                                                                                                                                                                                      SHA-256:AA4A4755D792048D9BFFC19F24C8BE89F89338E9FBA52A580DF8BDEA18E243A5
                                                                                                                                                                                                                      SHA-512:9B4A5320F81A56C53E620509D8AADB3D20FFF5A951DBC818271338A7A6CD2206E0775C898726191A382EFD5261459A0ABDF03C4E76A007D46861905ECDC6421B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var consoleControl = require('console-control-strings').var ThemeSet = require('./theme-set.js')..var themes = module.exports = new ThemeSet()..themes.addTheme('ASCII', {. preProgressbar: '[',. postProgressbar: ']',. progressbarTheme: {. complete: '#',. remaining: '.'. },. activityIndicatorTheme: '-\\|/',. preSubsection: '>'.})..themes.addTheme('colorASCII', themes.getTheme('ASCII'), {. progressbarTheme: {. preComplete: consoleControl.color('inverse'),. complete: ' ',. postComplete: consoleControl.color('stopInverse'),. preRemaining: consoleControl.color('brightBlack'),. remaining: '.',. postRemaining: consoleControl.color('reset'). }.})..themes.addTheme('brailleSpinner', {. preProgressbar: '.',. postProgressbar: '.',. progressbarTheme: {. complete: '.',. remaining: '.'. },. activityIndicatorTheme: '..........',. preSubsection: '>'.})..themes.addTheme('colorBrailleSpinner', themes.getTheme('brailleSpin
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):828
                                                                                                                                                                                                                      Entropy (8bit):4.506998856918432
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:75D9702A66C7A37F8603E6C1C29929B2
                                                                                                                                                                                                                      SHA1:684A2D866C9DBA4F80F0B645600A096883F79B5C
                                                                                                                                                                                                                      SHA-256:9CDA29FE56643215B87710E4D99DF6A2A78101927D99047EE69DFB114017138D
                                                                                                                                                                                                                      SHA-512:018595A09E7A32DEBDA35055427C9B327400C5D55989227BD42EA52A3BCABE7AF7BF9948FDD6D758C42C354135AC75BC4F3EFFF2B723209A7C3FA3BD0A015CAA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var stringWidth = require('string-width').var stripAnsi = require('strip-ansi')..module.exports = wideTruncate..function wideTruncate (str, target) {. if (stringWidth(str) === 0) return str. if (target <= 0) return ''. if (stringWidth(str) <= target) return str.. // We compute the number of bytes of ansi sequences here and add. // that to our initial truncation to ensure that we don't slice one. // that we want to keep in half.. var noAnsi = stripAnsi(str). var ansiSize = str.length + noAnsi.length. var truncated = str.slice(0, target + ansiSize).. // we have to shrink the result to account for our ansi sequence buffer. // (if an ansi sequence was truncated) and double width characters.. while (stringWidth(truncated) > target) {. truncated = truncated.slice(0, -1). }. return truncated.}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1463
                                                                                                                                                                                                                      Entropy (8bit):5.341537919917637
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:2F08A4AAE88894D808045E430DAB146C
                                                                                                                                                                                                                      SHA1:7647B9A016393C95E9694FF1DAFB3E4EE66FD795
                                                                                                                                                                                                                      SHA-256:6701D64B4AD395F30B07F8685C04C6D61CA9C98094D75D0B2E06687E2386910F
                                                                                                                                                                                                                      SHA-512:B781BB499AC4701C4C09C4CC2C20141D960FC76C163F2CE1BEA8093C3997A84AC243CAB901BC523FCF327379E2EC2F553E230FD7F5116F8717838E2611722243
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict';.var numberIsNan = require('number-is-nan');..module.exports = function (x) {..if (numberIsNan(x)) {...return false;..}...// https://github.com/nodejs/io.js/blob/cff7300a578be1b10001f2d967aaedc88aee6402/lib/readline.js#L1369...// code points are derived from:..// http://www.unix.org/Public/UNIDATA/EastAsianWidth.txt..if (x >= 0x1100 && (...x <= 0x115f || // Hangul Jamo...0x2329 === x || // LEFT-POINTING ANGLE BRACKET...0x232a === x || // RIGHT-POINTING ANGLE BRACKET...// CJK Radicals Supplement .. Enclosed CJK Letters and Months...(0x2e80 <= x && x <= 0x3247 && x !== 0x303f) ||...// Enclosed CJK Letters and Months .. CJK Unified Ideographs Extension A...0x3250 <= x && x <= 0x4dbf ||...// CJK Unified Ideographs .. Yi Radicals...0x4e00 <= x && x <= 0xa4c6 ||...// Hangul Jamo Extended-A...0xa960 <= x && x <= 0xa97c ||...// Hangul Syllables...0xac00 <= x && x <= 0xd7a3 ||...// CJK Compatibility Ideographs...0xf900 <= x && x <= 0xfaff ||...// Vertical Forms...0xfe10 <= x && x
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1119
                                                                                                                                                                                                                      Entropy (8bit):5.1078795238525405
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:A12EBCA0510A773644101A99A867D210
                                                                                                                                                                                                                      SHA1:0C94F137F6E0536DB8CB2622A9DC84253B91B90C
                                                                                                                                                                                                                      SHA-256:6FB9754611C20F6649F68805E8C990E83261F29316E29DE9E6CEDAE607B8634C
                                                                                                                                                                                                                      SHA-512:AE79E7A4209A451AEF6B78F7B0B88170E7A22335126AC345522BF4EAFE0818DA5865AAE1507C5DC0224EF854548C721DF9A84371822F36D50CBCD97FA946EEE9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TO
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):561
                                                                                                                                                                                                                      Entropy (8bit):4.622284903279248
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:7022383A1D71C5BBA1DF66BFC024203C
                                                                                                                                                                                                                      SHA1:7BB0A7FBEEEF1E5CFEA39B063AA968E072B07AD2
                                                                                                                                                                                                                      SHA-256:30C9E9125BF6654345A8C4DC532DB161D098187A223E0E3AC78A68E115ABFCB4
                                                                                                                                                                                                                      SHA-512:109A8703648B0B2B509FCFAC807EE2CC9E0202539EE9B428936E8C88C060753393604BE2226677324B7834CF2E74D4DD682F2A97FFDCAD4DEE9988468948C38F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "is-fullwidth-code-point",. "version": "1.0.0",. "description": "Check if the character represented by a given Unicode code point is fullwidth",. "license": "MIT",. "repository": "sindresorhus/is-fullwidth-code-point",. "author": {. "name": "Sindre Sorhus",. "email": "sindresorhus@gmail.com",. "url": "sindresorhus.com". },. "engines": {. "node": ">=0.10.0". },. "files": [. "index.js". ],. "dependencies": {. "number-is-nan": "^1.0.0". },. "devDependencies": {. "ava": "0.0.4",. "code-point-at": "^1.0.0". }.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):866
                                                                                                                                                                                                                      Entropy (8bit):4.874330655934767
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:62DE4DC4D0C0C096BC7F52EDB749B622
                                                                                                                                                                                                                      SHA1:230D9C7141C2886140B3E2B6CBE3E2C980C2555D
                                                                                                                                                                                                                      SHA-256:954E75EB633F92DF1143EF3A9F199DF54C8F42CECD65C00A397AA890099DF60B
                                                                                                                                                                                                                      SHA-512:6838F7CBD29AABE5DC81C984303338B407C146FE89CFCB0A83FFC39D3A4CA0E0EEA67A0088309B8DCCA3990D3E71DAC5DCCBEF74EA34749D241889C3E20FDA6A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict';..// We define these manually to ensure they're always copied.// even if they would move up the prototype chain.// https://nodejs.org/api/http.html#http_class_http_incomingmessage.const knownProperties = [..'aborted',..'complete',..'destroy',..'headers',..'httpVersion',..'httpVersionMinor',..'httpVersionMajor',..'method',..'rawHeaders',..'rawTrailers',..'setTimeout',..'socket',..'statusCode',..'statusMessage',..'trailers',..'url'.];..module.exports = (fromStream, toStream) => {..const fromProperties = new Set(Object.keys(fromStream).concat(knownProperties));...for (const property of fromProperties) {...// Don't overwrite existing properties....if (property in toStream) {....continue;...}....toStream[property] = typeof fromStream[property] === 'function' ? fromStream[property].bind(fromStream) : fromStream[property];..}...return toStream;.};.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (460)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1117
                                                                                                                                                                                                                      Entropy (8bit):5.079903213409815
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:D5F2A6DD0192DCC7C833E50BB9017337
                                                                                                                                                                                                                      SHA1:80674912E3033BE358331910BA27D5812369C2FC
                                                                                                                                                                                                                      SHA-256:5C932D88256B4AB958F64A856FA48E8BD1F55BC1D96B8149C65689E0C61789D3
                                                                                                                                                                                                                      SHA-512:D1F336FF272BC6B96DC9A04A7D0EF8F02936DD594F514060340478EE575FE01D55FC7A174DF5814A4FAF72C8462B012998ECA7BB898E3F9A3E87205FB9135AF2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MIT License..Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com)..Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):665
                                                                                                                                                                                                                      Entropy (8bit):4.657947517329449
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:D531D31E860862BEB8C10E78AE8C6A93
                                                                                                                                                                                                                      SHA1:DE74A0B464DCA5C041F9250AF72CD099D3F8F85D
                                                                                                                                                                                                                      SHA-256:02BE0F57FAA3DC5DE99F441DE093BF9C10294ED0A8888C73D55B326F82460B85
                                                                                                                                                                                                                      SHA-512:AD86A8D8AF15EB5BDB05F77A942B515CC14A04871950D7F4837BDE8EC9176C2532588D3E41A91B3DA7D8F2835AA9444E81A81858462A504B3D3402F2238FAF3B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "mimic-response",. "version": "2.1.0",. "description": "Mimic a Node.js HTTP response stream",. "license": "MIT",. "repository": "sindresorhus/mimic-response",. "funding": "https://github.com/sponsors/sindresorhus",. "author": {. "name": "Sindre Sorhus",. "email": "sindresorhus@gmail.com",. "url": "https://sindresorhus.com". },. "engines": {. "node": ">=8". },. "files": [. "index.d.ts",. "index.js". ],. "devDependencies": {. "@sindresorhus/tsconfig": "^0.3.0",. "@types/node": "^12.0.0",. "ava": "^1.1.0",. "create-test-server": "^2.4.0",. "pify": "^4.0.1",. "tsd": "^0.7.3",. "xo": "^0.24.0". }.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3194
                                                                                                                                                                                                                      Entropy (8bit):4.501539803861547
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:EAB4AF3D288D00677E2780040D15A172
                                                                                                                                                                                                                      SHA1:3BC92457B1A6F9D42E979C75A359894B168D117B
                                                                                                                                                                                                                      SHA-256:E9603DC16CE6B339120BF32D50D7B0D1776527DEDBCD90D7F400B336530BABE3
                                                                                                                                                                                                                      SHA-512:E36CB0ED1E9AA5FCC4E681A30F413702E8F28CEBAF7AB52BDA5D0DB2EB3B08D139469914D2236DA3F6146DF452F09FF571EC3CBEF67C61BD063F79CBDBBCB557
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:# Contributor Covenant Code of Conduct..## Our Pledge..In the interest of fostering an open and welcoming environment, we as.contributors and maintainers pledge to making participation in our project and.our community a harassment-free experience for everyone, regardless of age, body.size, disability, ethnicity, gender identity and expression, level of experience,.nationality, personal appearance, race, religion, or sexual identity and.orientation...## Our Standards..Examples of behavior that contributes to creating a positive environment.include:..* Using welcoming and inclusive language.* Being respectful of differing viewpoints and experiences.* Gracefully accepting constructive criticism.* Focusing on what is best for the community.* Showing empathy towards other community members..Examples of unacceptable behavior by participants include:..* The use of sexualized language or imagery and unwelcome sexual attention or. advances.* Trolling, insulting/derogatory comments, and persona
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1646
                                                                                                                                                                                                                      Entropy (8bit):4.928630940879876
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:DFAC083BF61441BF9C6BE6AF674C7B63
                                                                                                                                                                                                                      SHA1:344B1134ACEC1139183FB6F08841F839A4C393EE
                                                                                                                                                                                                                      SHA-256:A6B7B86697CA5F10BD5854C0150570199EE222EEF3E75427207828B398B4E1E3
                                                                                                                                                                                                                      SHA-512:809F4F3DAF8B25D100ABBF26D625372F3D3274A3440D804F47B1D4B5E9F96F8F4C3716D9904B6EC105F29CF3A72B96763CE6FB9849763298B844D69B5A66BBE7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:# Contributing to `node-abi`..:+1::tada: First off, thanks for taking the time to contribute to `node-abi`! :tada::+1:..## Commit Message Guidelines..This module uses [`semantic-release`](https://github.com/semantic-release/semantic-release) to automatically release new versions via Travis..Therefor we have very precise rules over how our git commit messages can be formatted...Each commit message consists of a **header**, a **body** and a **footer**. The header has a special.format that includes a **type**, a **scope** and a **subject** ([full explanation](https://github.com/stevemao/conventional-changelog-angular/blob/master/convention.md)):..```.<type>(<scope>): <subject>.<BLANK LINE>.<body>.<BLANK LINE>.<footer>.```..### Type..Must be one of the following:..- **feat**: A new feature. **Will trigger a new release**.- **fix**: A bug fix or a addition to one of the target arrays. **Will trigger a new release**.- **docs**: Documentation only changes.- **style**: Changes that do not aff
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1069
                                                                                                                                                                                                                      Entropy (8bit):5.103348028012637
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:950DED031080D1CC5EFFFEC127B7A852
                                                                                                                                                                                                                      SHA1:66E84AB41910FD7096BFAA03A7ACC09954E8D842
                                                                                                                                                                                                                      SHA-256:9A508CD4122F2DC1CC39F8AB0B6950EFBC49FB087A581C7177A4B8C9D5D0D6A1
                                                                                                                                                                                                                      SHA-512:0AD3F1899DD286EF4D58B11CC8A6B10FC0D8077BDBB759883E919F4D3CA5FA720FB8C1AB42184F4ADBE9B9481B80D6AF5C80D7DFD2CE32BE3845DE6E7B24F433
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MIT License..Copyright (c) 2016 Lukas Geiger..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNEC
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2372
                                                                                                                                                                                                                      Entropy (8bit):4.12231311668483
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:03665FDFB9273A257773C431321A644B
                                                                                                                                                                                                                      SHA1:0B3E1371171DC8F3625AD9F83B5992C682913DBA
                                                                                                                                                                                                                      SHA-256:D06CE08742067D1CC6D344E65789ADEF5FF535C72A2A171D7835F193839FF2D3
                                                                                                                                                                                                                      SHA-512:9AF62003A3585A633C5396B4445E25C69E96C6C381A400A3E806C5E5B57AEB72777172CFADBE5BCB6457D039CE7D88807EA66ABA4B280074429FB0267F254B9D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:[. {. "runtime": "node",. "target": "11.0.0",. "lts": false,. "future": false,. "abi": "67". },. {. "runtime": "node",. "target": "12.0.0",. "lts": [. "2019-10-21",. "2020-11-30". ],. "future": false,. "abi": "72". },. {. "runtime": "node",. "target": "13.0.0",. "lts": false,. "future": false,. "abi": "79". },. {. "runtime": "node",. "target": "14.0.0",. "lts": [. "2020-10-27",. "2021-10-19". ],. "future": false,. "abi": "83". },. {. "runtime": "node",. "target": "15.0.0",. "lts": false,. "future": false,. "abi": "88". },. {. "runtime": "node",. "target": "16.0.0",. "lts": [. "2021-10-26",. "2022-10-18". ],. "future": false,. "abi": "93". },. {. "abi": "70",. "future": false,. "lts": false,. "runtime": "electron",. "target": "5.0.0-beta.9". },. {. "abi": "73",. "future": false,. "lts": false,. "runtime": "electron",.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):6391
                                                                                                                                                                                                                      Entropy (8bit):4.801370315505753
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:E93E5ADCD01557965DC78FAAA30507BE
                                                                                                                                                                                                                      SHA1:70F50B155A2A3343E4686857C13E6A9399F61DBB
                                                                                                                                                                                                                      SHA-256:415B4A0BF6AB54EAE4DD4B8A2D907704C44A62BA9528B81FACD6C1397D10C27B
                                                                                                                                                                                                                      SHA-512:E43DCC4D0733128C64443BE9E3E7104AF9469DC2983BB81BCBC1CE7BDA4D83B59077827B3A149D9943DCC4A048C7294AEFD6652D6435004B78018A754D161944
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:var semver = require('semver')..function getNextTarget (runtime, targets) {. if (targets == null) targets = allTargets. var latest = targets.filter(function (t) { return t.runtime === runtime }).slice(-1)[0]. var increment = runtime === 'electron' ? 'minor' : 'major'. var next = semver.inc(latest.target, increment). // Electron releases appear in the registry in their beta form, sometimes there is. // no active beta line. During this time we need to double bump. if (runtime === 'electron' && semver.parse(latest.target).prerelease.length) {. next = semver.inc(next, 'major'). }. return next.}..function getAbi (target, runtime) {. if (target === String(Number(target))) return target. if (target) target = target.replace(/^v/, ''). if (!runtime) runtime = 'node'.. if (runtime === 'node') {. if (!target) return process.versions.modules. if (target === process.versions.node) return process.versions.modules. }.. var abi.. for (var i = 0; i < allTargets.length; i++) {.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):547
                                                                                                                                                                                                                      Entropy (8bit):4.714182855359528
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:24E7D6C909377B04EA0A20539BA9A8FE
                                                                                                                                                                                                                      SHA1:0F058704F7E1FD55033E2A72A298D2CE27D70E91
                                                                                                                                                                                                                      SHA-256:841DEC4957A889146D1497C56DEAFA6D45C2AEB810437569204F6913388591E7
                                                                                                                                                                                                                      SHA-512:4C35B62028CB56B09B7C575ABE6A285D6A4EC30637FAFAA467D4B4E35D0C6D332DA2AA430EE25454C8E783C464026A5FDA3AF0D39C713BCA65769F3FB018351D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "node-abi",. "version": "2.30.1",. "description": "Get the Node ABI for a given target and runtime, and vice versa.",. "main": "index.js",. "repository": {. "type": "git",. "url": "https://github.com/lgeiger/node-abi.git". },. "author": "Lukas Geiger",. "license": "MIT",. "homepage": "https://github.com/lgeiger/node-abi#readme",. "devDependencies": {. "got": "^10.6.0",. "semantic-release": "^15.8.0",. "tape": "^4.6.3",. "travis-deploy-once": "^5.0.1". },. "dependencies": {. "semver": "^5.4.1". }.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3318
                                                                                                                                                                                                                      Entropy (8bit):4.64376573594981
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:const got = require('got').const path = require('path').const semver = require('semver').const { writeFile } = require('fs').promises..async function getJSONFromCDN (urlPath) {. const response = await got(`https://cdn.jsdelivr.net/gh/${urlPath}`). return JSON.parse(response.body).}..async function fetchElectronReleases () {. const response = await got(`https://electronjs.org/headers/index.json`). return JSON.parse(response.body).}..async function fetchNodeVersions () {. const schedule = await getJSONFromCDN('nodejs/Release/schedule.json'). const versions = {}.. for (const [majorVersion, metadata] of Object.entries(schedule)) {. if (majorVersion.startsWith('v0')) {. continue. }. const version = `${majorVersion.slice(1)}.0.0`. const lts = metadata.hasOwnProperty('lts') ? [metadata.lts, metadata.maintenance] : false. versions[version] = {. runtime: 'node',. target: version,. lts: lts,. future: new Date(Date.parse(metadata.start)) > new Date()
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (460)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1245
                                                                                                                                                                                                                      Entropy (8bit):5.198916936408371
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The MIT License (MIT).=====================..Copyright (c) 2017 Node.js API collaborators.-----------------------------------..*Node.js API collaborators listed at <https://github.com/nodejs/node-addon-api#collaborators>*..Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT S
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):762
                                                                                                                                                                                                                      Entropy (8bit):5.173881166313352
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. 'variables': {. 'NAPI_VERSION%': "<!(node -p \"process.versions.napi\")",. 'disable_deprecated': "<!(node -p \"process.env['npm_config_disable_deprecated']\")". },. 'conditions': [. ['NAPI_VERSION!=""', { 'defines': ['NAPI_VERSION=<@(NAPI_VERSION)'] } ],. ['disable_deprecated=="true"', {. 'defines': ['NODE_ADDON_API_DISABLE_DEPRECATED']. }],. ['OS=="mac"', {. 'cflags+': ['-fvisibility=hidden'],. 'xcode_settings': {. 'OTHER_CFLAGS': ['-fvisibility=hidden']. }. }]. ],. 'include_dirs': ["<!(node -p \"require('../').include_dir\")"],. 'cflags': [ '-Werror', '-Wall', '-Wextra', '-Wpedantic', '-Wunused-parameter' ],. 'cflags_cc': [ '-Werror', '-Wall', '-Wextra', '-Wpedantic', '-Wunused-parameter' ].}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):381
                                                                                                                                                                                                                      Entropy (8bit):5.033837554185557
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. 'defines': [ 'NAPI_CPP_EXCEPTIONS' ],. 'cflags!': [ '-fno-exceptions' ],. 'cflags_cc!': [ '-fno-exceptions' ],. 'msvs_settings': {. 'VCCLCompilerTool': {. 'ExceptionHandling': 1,. 'EnablePREfast': 'true',. },. },. 'xcode_settings': {. 'CLANG_CXX_LIBRARY': 'libc++',. 'MACOSX_DEPLOYMENT_TARGET': '10.7',. 'GCC_ENABLE_CPP_EXCEPTIONS': 'YES',. },.}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):296
                                                                                                                                                                                                                      Entropy (8bit):4.884319320380166
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:const path = require('path');..const include_dir = path.relative('.', __dirname);..module.exports = {. include: `"${__dirname}"`, // deprecated, can be removed as part of 4.0.0. include_dir,. gyp: path.join(include_dir, 'node_api.gyp:nothing'),. isNodeApiBuiltin: true,. needsFlag: false.};.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C++ source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):7251
                                                                                                                                                                                                                      Entropy (8bit):3.9808680664415825
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:#ifndef SRC_NAPI_INL_DEPRECATED_H_.#define SRC_NAPI_INL_DEPRECATED_H_..////////////////////////////////////////////////////////////////////////////////.// PropertyDescriptor class.////////////////////////////////////////////////////////////////////////////////..template <typename Getter>.inline PropertyDescriptor.PropertyDescriptor::Accessor(const char* utf8name,. Getter getter,. napi_property_attributes attributes,. void* /*data*/) {. using CbData = details::CallbackData<Getter, Napi::Value>;. // TODO: Delete when the function is destroyed. auto callbackData = new CbData({ getter, nullptr });.. return PropertyDescriptor({. utf8name,. nullptr,. nullptr,. CbData::Wrapper,. nullptr,. nullptr,. attributes,. callbackData. });.}..template <typename Getter>.inline PropertyDescriptor PropertyDescriptor::Accessor(const std::string& utf8name,.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C++ source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):186981
                                                                                                                                                                                                                      Entropy (8bit):4.897196625190984
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:#ifndef SRC_NAPI_INL_H_.#define SRC_NAPI_INL_H_..////////////////////////////////////////////////////////////////////////////////.// Node-API C++ Wrapper Classes.//.// Inline header-only implementations for "Node-API" ABI-stable C APIs for.// Node.js..////////////////////////////////////////////////////////////////////////////////..// Note: Do not include this file directly! Include "napi.h" instead...#include <algorithm>.#include <cstring>.#include <mutex>.#include <type_traits>..namespace Napi {..// Helpers to handle functions exposed from C++..namespace details {..// Attach a data item to an object and delete it when the object gets.// garbage-collected..// TODO: Replace this code with `napi_add_finalizer()` whenever it becomes.// available on all supported versions of Node.js..template <typename FreeType>.static inline napi_status AttachData(napi_env env,. napi_value obj,. FreeType* data,.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C++ source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):111175
                                                                                                                                                                                                                      Entropy (8bit):4.531542944884292
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:#ifndef SRC_NAPI_H_.#define SRC_NAPI_H_..#include <node_api.h>.#include <functional>.#include <initializer_list>.#include <memory>.#include <mutex>.#include <string>.#include <vector>..// VS2015 RTM has bugs with constexpr, so require min of VS2015 Update 3 (known good version).#if !defined(_MSC_VER) || _MSC_FULL_VER >= 190024210.#define NAPI_HAS_CONSTEXPR 1.#endif..// VS2013 does not support char16_t literal strings, so we'll work around it using wchar_t strings.// and casting them. This is safe as long as the character sizes are the same..#if defined(_MSC_VER) && _MSC_VER <= 1800.static_assert(sizeof(char16_t) == sizeof(wchar_t), "Size mismatch between char16_t and wchar_t");.#define NAPI_WIDE_TEXT(x) reinterpret_cast<char16_t*>(L ## x).#else.#define NAPI_WIDE_TEXT(x) u ## x.#endif..// If C++ exceptions are not explicitly enabled or disabled, enable them.// if exceptions were enabled in the compiler settings..#if !defined(NAPI_CPP_EXCEPTIONS) && !defined(NAPI_DISABLE_CPP_EXCEPTIONS).
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):132
                                                                                                                                                                                                                      Entropy (8bit):4.010854302019321
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:FCEC1557AC47891385AE1F67E6DA343A
                                                                                                                                                                                                                      SHA1:E361D3A3BE19E802820F2FE59BFDF7C9EF72FC74
                                                                                                                                                                                                                      SHA-256:3CD2C44FB0974F016376B676D46BBEBBCA7C89D4383B09ECE30E4CB4122A1499
                                                                                                                                                                                                                      SHA-512:43715845F701ABDC09FE59D33E3F61E19278ABBACB122EDAF1B26DE55BD80B3354B76D5616905C8038EB6158C3399162B40A73742B7E4C733B3AC187E9DB0AA3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. 'targets': [. {. 'target_name': 'nothing',. 'type': 'static_library',. 'sources': [ 'nothing.c' ]. }. ].}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):386
                                                                                                                                                                                                                      Entropy (8bit):5.035056853339696
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E930234C43421C4646A6E97CA67C4A51
                                                                                                                                                                                                                      SHA1:E95ED77F1DE8896691D2AD75290F39E89C51F845
                                                                                                                                                                                                                      SHA-256:780402B7ACD03EA966DE2F89F08A13FDE81ACE1B498B748621F908478F3778B0
                                                                                                                                                                                                                      SHA-512:60644B83C2B550F329516EF3D5A80E80CE73436BA2BA017E445BA2D6B99C117051A46F0AC96021EA636ED516074DC5F61AF65323C83D5626D5F74BC41EE0A7A5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. 'defines': [ 'NAPI_DISABLE_CPP_EXCEPTIONS' ],. 'cflags': [ '-fno-exceptions' ],. 'cflags_cc': [ '-fno-exceptions' ],. 'msvs_settings': {. 'VCCLCompilerTool': {. 'ExceptionHandling': 0,. 'EnablePREfast': 'true',. },. },. 'xcode_settings': {. 'CLANG_CXX_LIBRARY': 'libc++',. 'MACOSX_DEPLOYMENT_TARGET': '10.7',. 'GCC_ENABLE_CPP_EXCEPTIONS': 'NO',. },.}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):467
                                                                                                                                                                                                                      Entropy (8bit):4.019589958784576
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:33E3FB94807BCD5102535F476C6A46A8
                                                                                                                                                                                                                      SHA1:DEDC07E9973F104E29D2EEE9AD3468B0F40DD620
                                                                                                                                                                                                                      SHA-256:B1CB7DA23CCA1681C7392A3C889EB0CC4916C53D2D7692D4B654AE751F3442F3
                                                                                                                                                                                                                      SHA-512:BBC762C8886EC78FD889B46ABFD9F9ACA7F5D2CADBF9676F6A010026D4056CAA076516380B3C0737C61962E8BB5B0555095DD0386C99D9DA773C200CFA130755
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "versions": [. {. "version": "*",. "target": {. "node": "active". },. "response": {. "type": "time-permitting",. "paid": false,. "contact": {. "name": "node-addon-api team",. "url": "https://github.com/nodejs/node-addon-api/issues". }. },. "backing": [ { "project": "https://github.com/nodejs" },. { "foundation": "https://openjsf.org/" }. ]. }. ].}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):708
                                                                                                                                                                                                                      Entropy (8bit):4.80181350537697
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:B269C0C8F3FCD34CB1BBC2195E7FABF8
                                                                                                                                                                                                                      SHA1:4F2BCBC0135EE4134B1D6CEF8F1A3315C758993E
                                                                                                                                                                                                                      SHA-256:0A7592650577085C907CA83AAB56648EB56466097CE59028FE6FBF71DBD71F21
                                                                                                                                                                                                                      SHA-512:F457D1E30B8B339FC6C375BA6D787CD587C8F7B7789D7EF1576120C5F7355A6D8B84C8C7D954056B13EB9235BAFD12998F371F2FFC7F2DF535E494CEAD328444
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "description": "Node.js API (Node-API)",. "devDependencies": {. "benchmark": "^2.1.4",. "bindings": "^1.5.0",. "clang-format": "^1.4.0",. "fs-extra": "^9.0.1",. "pre-commit": "^1.2.2",. "safe-buffer": "^5.1.1". },. "directories": {},. "gypfile": false,. "homepage": "https://github.com/nodejs/node-addon-api",. "license": "MIT",. "main": "index.js",. "name": "node-addon-api",. "optionalDependencies": {},. "readme": "README.md",. "repository": {. "type": "git",. "url": "git://github.com/nodejs/node-addon-api.git". },. "files": [. "*.{c,h,gyp,gypi}",. "package-support.json",. "tools/". ],. "pre-commit": "lint",. "version": "3.2.1",. "support": true.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (339)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3217
                                                                                                                                                                                                                      Entropy (8bit):4.926428555338531
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:34143C24D232AC62205EC0B7601CB109
                                                                                                                                                                                                                      SHA1:3DECBDEED6F0C742925A5BE9B78F5251A4C0B569
                                                                                                                                                                                                                      SHA-256:65E9EA918538F453166B10A1D609CF44CEC3D2D01F23FECB5265FB3A4BF303D5
                                                                                                                                                                                                                      SHA-512:07DAD1D9C5C618AFC5FE2B8183EA40DB0CD736E0600BA8BDE4F38DB726D85E277C460140EF312C91A748A208FFA72283BE01A224F976F3421F144A2977EA4B2F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:# Tools..## clang-format..The clang-format checking tools is designed to check changed lines of code compared to given git-refs...## Migration Script..The migration tool is designed to reduce repetitive work in the migration process. However, the script is not aiming to convert every thing for you. There are usually some small fixes and major reconstruction required...### How To Use..To run the conversion script, first make sure you have the latest `node-addon-api` in your `node_modules` directory..```.npm install node-addon-api.```..Then run the script passing your project directory.```.node ./node_modules/node-addon-api/tools/conversion.js ./.```..After finish, recompile and debug things that are missed by the script....### Quick Fixes.Here is the list of things that can be fixed easily.. 1. Change your methods' return value to void if it doesn't return value to JavaScript.. 2. Use `.` to access attribute or to invoke member function in Napi::Object instead of `->`.. 3. `Napi::New
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3210
                                                                                                                                                                                                                      Entropy (8bit):4.725163839814415
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E0319363C4E8D95A44A00BF037061414
                                                                                                                                                                                                                      SHA1:2E3895647CCDB1D20EEA6C325D32F7E12F4D7F2C
                                                                                                                                                                                                                      SHA-256:F3264FD3F9DD9BC3E051CDCF72125D34617B2B06B914C49F1E1297E53CFD524B
                                                                                                                                                                                                                      SHA-512:3555A6F001DC983EAEB6F63368DC7C6C3962003B73F15991112E16E8942B90B83F8AA83E16AE35EB076DB9422924B9AAC00D7AD312B27589B10264FC249B3915
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict';.// Descend into a directory structure and, for each file matching *.node, output.// based on the imports found in the file whether it's an N-API module or not...const fs = require('fs');.const path = require('path');.const child_process = require('child_process');..// Read the output of the command, break it into lines, and use the reducer to.// decide whether the file is an N-API module or not..function checkFile(file, command, argv, reducer) {. const child = child_process.spawn(command, argv, {. stdio: ['inherit', 'pipe', 'inherit']. });. let leftover = '';. let isNapi = undefined;. child.stdout.on('data', (chunk) => {. if (isNapi === undefined) {. chunk = (leftover + chunk.toString()).split(/[\r\n]+/);. leftover = chunk.pop();. isNapi = chunk.reduce(reducer, isNapi);. if (isNapi !== undefined) {. child.kill();. }. }. });. child.on('close', (code, signal) => {. if ((code === null && signal !== null) || (code !== 0)) {.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1912
                                                                                                                                                                                                                      Entropy (8bit):4.997300011341668
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:0E9D1C651C03536F6C961FCBF939778E
                                                                                                                                                                                                                      SHA1:F9899A415350DDDD7F894AA037627434DBD157B0
                                                                                                                                                                                                                      SHA-256:F046340B3D14125BDFD6BF72AF97A14967E8BC78816FCECC4DF2DB15F7472FA4
                                                                                                                                                                                                                      SHA-512:B6DC12DD65DB5954C8BD43E371415877EC0A8FDC4395F8A92835F9780156DBB34A808127B6C11017DB7659784E246F5476280B82A6CD9531202561834BCD102D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:#!/usr/bin/env node..const spawn = require('child_process').spawnSync;.const path = require('path');..const filesToCheck = ['*.h', '*.cc'];.const CLANG_FORMAT_START = process.env.CLANG_FORMAT_START || 'main';..function main(args) {. let fix = false;. while (args.length > 0) {. switch (args[0]) {. case '-f':. case '--fix':. fix = true;. default:. }. args.shift();. }.. let clangFormatPath = path.dirname(require.resolve('clang-format'));. const options = ['--binary=node_modules/.bin/clang-format', '--style=file'];. if (fix) {. options.push(CLANG_FORMAT_START);. } else {. options.push('--diff', CLANG_FORMAT_START);. }.. const gitClangFormatPath = path.join(clangFormatPath,. 'bin/git-clang-format');. const result = spawn('python', [. gitClangFormatPath,. ...options,. '--',. ...filesToCheck. ], { encoding: 'utf-8' });.. if (result.stderr) {. console.error('Error running git-clang-format:', result.stderr);. return 2;. }..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:a /usr/bin/env node script, ASCII text executable, with very long lines (454)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15275
                                                                                                                                                                                                                      Entropy (8bit):5.515853837423564
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:3F6FE59495A8968E296547DBADE7C73B
                                                                                                                                                                                                                      SHA1:1C603B7606A5F36515CEC6781DB65BAB8BB0864F
                                                                                                                                                                                                                      SHA-256:DF2F681BDB4A1DAC5FAF7FA70A60DACE4DD12CE0B9964EFFCEE56A43F693FC6C
                                                                                                                                                                                                                      SHA-512:CFBEA2B2ACF0AE37C6F50DF8A5F2CC96F54F480C05655BA5D8D5AE0E59E34315F0D71082EF3E5A7AB8B6CD38EA8F621C9AA137DF7E9086E1B5DDE486E49ED52B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:#! /usr/bin/env node..'use strict'..const fs = require('fs');.const path = require('path');..const args = process.argv.slice(2);.const dir = args[0];.if (!dir) {. console.log('Usage: node ' + path.basename(__filename) + ' <target-dir>');. process.exit(1);.}..const NodeApiVersion = require('../package.json').version;..const disable = args[1];.if (disable != "--disable" && dir != "--disable") {. var ConfigFileOperations = {. 'package.json': [. [ /([ ]*)"dependencies": {/g, '$1"dependencies": {\n$1 "node-addon-api": "' + NodeApiVersion + '",'],. [ /[ ]*"nan": *"[^"]+"(,|)[\n\r]/g, '' ]. ],. 'binding.gyp': [. [ /([ ]*)'include_dirs': \[/g, '$1\'include_dirs\': [\n$1 \'<!(node -p "require(\\\'node-addon-api\\\').include_dir")\',' ],. [ /([ ]*)"include_dirs": \[/g, '$1"include_dirs": [\n$1 "<!(node -p \\"require(\'node-addon-api\').include_dir\\")",' ],. [ /[ ]*("|')<!\(node -e ("|'|\\"|\\')require\(("|'|\\"|\\')nan("|'|\\"|\\')\)("|'|\\"|\\')\)("
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):765
                                                                                                                                                                                                                      Entropy (8bit):4.999520559493967
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:82703A69F6D7411DDE679954C2FD9DCA
                                                                                                                                                                                                                      SHA1:BB408E929CAEB1731945B2BA54BC337EDB87CC66
                                                                                                                                                                                                                      SHA-256:4EC3D4C66CD87F5C8D8AD911B10F99BF27CB00CDFCFF82621956E379186B016B
                                                                                                                                                                                                                      SHA-512:3FA748E59FB3AF0C5293530844FAA9606D9271836489D2C8013417779D10CC180187F5E670477F9EC77D341E0EF64EAB7DCFB876C6390F027BC6F869A12D0F46
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The ISC License..Copyright (c) Isaac Z. Schlueter and Contributors..Permission to use, copy, modify, and/or distribute this software for any.purpose with or without fee is hereby granted, provided that the above.copyright notice and this permission notice appear in all copies...THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES.WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF.MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR.ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES.WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN.ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR.IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8615
                                                                                                                                                                                                                      Entropy (8bit):4.881838710896137
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:A799970B64E503E7AFBF5132019E1D9E
                                                                                                                                                                                                                      SHA1:570812E6EA9FB88545F80B5CABA303417959CF31
                                                                                                                                                                                                                      SHA-256:569279CAE3FBDADC4B5346B515A4699F2EF64533AD05F52AEFDFBC8EF3D804F4
                                                                                                                                                                                                                      SHA-512:1EB2BECEB02BA313B81C0C48DE8A1F8A1440F5777CFEBD5F53D821D9F69263F6DA03FB8EA3A86F2715C92D6DE1CBB2B81E562CE23DECB2A4C1E80D4026EE570F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'.var Progress = require('are-we-there-yet').var Gauge = require('gauge').var EE = require('events').EventEmitter.var log = exports = module.exports = new EE().var util = require('util')..var setBlocking = require('set-blocking').var consoleControl = require('console-control-strings')..setBlocking(true).var stream = process.stderr.Object.defineProperty(log, 'stream', {. set: function (newStream) {. stream = newStream. if (this.gauge) this.gauge.setWriteTo(stream, stream). },. get: function () {. return stream. }.})..// by default, decide based on tty-ness..var colorEnabled.log.useColor = function () {. return colorEnabled != null ? colorEnabled : stream.isTTY.}..log.enableColor = function () {. colorEnabled = true. this.gauge.setTheme({hasColor: colorEnabled, hasUnicode: unicodeEnabled}).}.log.disableColor = function () {. colorEnabled = false. this.gauge.setTheme({hasColor: colorEnabled, hasUnicode: unicodeEnabled}).}..// default level.log.level = 'info'..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):532
                                                                                                                                                                                                                      Entropy (8bit):4.724251851458114
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E815B193023571EA55E3DBD4F39AFC05
                                                                                                                                                                                                                      SHA1:7E66C97CD802E1FE30F31BC9B4144212A8C8A5F6
                                                                                                                                                                                                                      SHA-256:842A32E35AA2DD52CFC30DF9DDB4AFB344BFA29AD6D5831117C1B69478E80261
                                                                                                                                                                                                                      SHA-512:8F67B293A53DE478FD024D38889877FB95E5794CD7E4DECE78C301B3132903235A160762A2E8E08718356CB992B4A16EBDAC43232FA0524CB5C687D42BF86B95
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "author": "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)",. "name": "npmlog",. "description": "logger for npm",. "version": "4.1.2",. "repository": {. "type": "git",. "url": "https://github.com/npm/npmlog.git". },. "main": "log.js",. "files": [. "log.js". ],. "dependencies": {. "are-we-there-yet": "~1.1.2",. "console-control-strings": "~1.1.0",. "gauge": "~2.7.3",. "set-blocking": "~2.0.0". },. "devDependencies": {. "standard": "~7.1.2",. "tap": "~5.7.3". },. "license": "ISC".}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):218
                                                                                                                                                                                                                      Entropy (8bit):4.322426370605077
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:67B923160006CD88EDB55FFE8A46DFFF
                                                                                                                                                                                                                      SHA1:B5A2E842825EE76BDD31917BD301BE00609BE343
                                                                                                                                                                                                                      SHA-256:E65A6C8971149D9C0BC4721CEDCF99F86EC37DF9FA7BDF28858EE4D59383C7BB
                                                                                                                                                                                                                      SHA-512:658F30EADA0B62D65FD4D224CF1F71391C5CA34B7C000CF417B3382A1461BD2A513BA30D4B2CED0D2A2518D959F797F496684928F7B1FDBA5B1919B2B89F7819
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:# Contributing to prebuild..- no commits direct to master.- all commits as pull requests (one or several per PR).- each commit solves one identifiable problem.- never merge one's own PRs, another contributor does this.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1079
                                                                                                                                                                                                                      Entropy (8bit):5.10194304910543
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:A75272C6B584D0F8E2C1676B4E72469E
                                                                                                                                                                                                                      SHA1:1EB8D0AA18D82D626FC09DFED59211F098199C4C
                                                                                                                                                                                                                      SHA-256:0AA9ADD6A9158EFAD3E6649E3AFFD607C7E2629F6677AF19F9988C8FBB0757B0
                                                                                                                                                                                                                      SHA-512:097B288BD37DCC88745FE99DDA219F0C7941A21E1AB0DE17A9F1F0B874C66C08110F479809C4BFA291464BCD426C1B964B8CADFD999D79D59AE9153B8F70CACA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) 2015 Mathias Buus..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1199
                                                                                                                                                                                                                      Entropy (8bit):4.689758173954727
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:772C336C8DF39BBB693376752E53D3FC
                                                                                                                                                                                                                      SHA1:69E88A047FBC29AD98096ABDAA7088A9695134C9
                                                                                                                                                                                                                      SHA-256:EAF588F4FBC5113F0C6FDF0EBB1C4639AAC8006A61EDFB786EF9623C0910DFAB
                                                                                                                                                                                                                      SHA-512:6272403EFCC4D80A5EB0B9F36F96C178378365E70DD75DD5D33E3828FFFB5AE99E0606214AB0FA5848CC883E9A29DD6F563C371B3C743AD4142BC9F72BBC2CC9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:var get = require('simple-get').var util = require('./util').var proxy = require('./proxy').var noop = Object.assign({. http: function () {},. silly: function () {}.}, require('noop-logger'))..function findAssetId (opts, cb) {. var downloadUrl = util.getDownloadUrl(opts). var apiUrl = util.getApiUrl(opts). var log = opts.log || noop.. log.http('request', 'GET ' + apiUrl). var reqOpts = proxy({. url: apiUrl,. json: true,. headers: {. 'User-Agent': 'simple-get',. Authorization: 'token ' + opts.token. }. }, opts).. var req = get.concat(reqOpts, function (err, res, data) {. if (err) return cb(err). log.http(res.statusCode, apiUrl). if (res.statusCode !== 200) return cb(err).. // Find asset id in release. for (var release of data) {. if (release.tag_name === opts['tag-prefix'] + opts.pkg.version) {. for (var asset of release.assets) {. if (asset.browser_download_url === downloadUrl) {. return cb(null, asset.id).
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2572
                                                                                                                                                                                                                      Entropy (8bit):4.94794152545113
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:C0FB897B9772E5878494F25B166AFDEE
                                                                                                                                                                                                                      SHA1:05FFC4DC61A71C97820D5EC41FDD772FC4DC3E05
                                                                                                                                                                                                                      SHA-256:956A373D8F685EB08963A52B111523BC4E843156D14FC18EA813DC5488654648
                                                                                                                                                                                                                      SHA-512:EDCAD4AE84C599E50EF40D9173C14FF19F2FDD1ADDB95F0D30E707ED3D8A484BDD8126B772E250BC3498C9DB51E03C59207DEA799E87BB3B8194938BA158C7A2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:#!/usr/bin/env node..var path = require('path').var fs = require('fs').var whichPmRuns = require('which-pm-runs').var napi = require('napi-build-utils')..var pkg = require(path.resolve('package.json')).var rc = require('./rc')(pkg).var log = require('./log')(rc, process.env).var download = require('./download').var asset = require('./asset').var util = require('./util')..var prebuildClientVersion = require('./package.json').version.if (rc.version) {. console.log(prebuildClientVersion). process.exit(0).}..if (rc.path) process.chdir(rc.path)..if (rc.runtime === 'electron' && rc.target[0] === '4' && rc.abi === '64') {. log.error(`Electron version ${rc.target} found - skipping prebuild-install work due to known ABI issue`). log.error('More information about this issue can be found at https://github.com/lgeiger/node-abi/issues/54'). process.exit(1).}..if (!fs.existsSync('package.json')) {. log.error('setup', 'No package.json found. Aborting...'). process.exit(1).}..if (rc.help) {. c
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3659
                                                                                                                                                                                                                      Entropy (8bit):4.549912994582875
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:F9FFB1B8146E8B9AB6E8479423C39525
                                                                                                                                                                                                                      SHA1:532CEBB5FE95F786A4C7399D43510D1B65ED41CC
                                                                                                                                                                                                                      SHA-256:821D285E38D169367C2A789C33BBB8DCA45842B485AE8CA7802221B7D177529B
                                                                                                                                                                                                                      SHA-512:BE84AE6843B0385A78D21E26AF6814EC55C890845B1AAD5248D50298B57627B1E68BDDC8FE5BF33D315483303B6C9C1F85B5572F3E975AD0D9844588051C6CEE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:var path = require('path').var fs = require('fs').var get = require('simple-get').var pump = require('pump').var tfs = require('tar-fs').var noop = Object.assign({. http: function () {},. silly: function () {}.}, require('noop-logger')).var zlib = require('zlib').var util = require('./util').var error = require('./error').var proxy = require('./proxy').var mkdirp = require('mkdirp-classic')..function downloadPrebuild (downloadUrl, opts, cb) {. var cachedPrebuild = util.cachedPrebuild(downloadUrl). var tempFile = util.tempFile(cachedPrebuild). var log = opts.log || noop.. ensureNpmCacheDir(function (err) {. if (err) return onerror(err).. log.info('looking for cached prebuild @', cachedPrebuild). fs.access(cachedPrebuild, fs.R_OK | fs.W_OK, function (err) {. if (!(err && err.code === 'ENOENT')) {. log.info('found cached prebuild'). return unpack(). }.. log.http('request', 'GET ' + downloadUrl). var reqOpts = proxy({ url: downloadUrl }, opt
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):355
                                                                                                                                                                                                                      Entropy (8bit):4.591313932276839
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:4320056F238CC656471B0120A4AF3225
                                                                                                                                                                                                                      SHA1:656836BDE7DC93828D0BE4DEA45FC881E959760A
                                                                                                                                                                                                                      SHA-256:0DF3FA571A7FB2563113D8A7EA83C79E769830ABBE7B5D5D9CD430C3EA893F68
                                                                                                                                                                                                                      SHA-512:5F0342B5FE766A3CA2A676BFDFA79723E665974C62E66B29F61D12886692C019D204E5D083B32B5A7FD09AE25BA1291194C64AB36838ACA8C4CBEE1BF13D7AE1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:exports.noPrebuilts = function (opts) {. return new Error([. 'No prebuilt binaries found',. '(target=' + opts.target,. 'runtime=' + opts.runtime,. 'arch=' + opts.arch,. 'libc=' + opts.libc,. 'platform=' + opts.platform + ')'. ].join(' ')).}..exports.invalidArchive = function () {. return new Error('Missing .node file in archive').}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):867
                                                                                                                                                                                                                      Entropy (8bit):4.001431435023458
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:0574682A179DCD25900A9DF65263355A
                                                                                                                                                                                                                      SHA1:B0903E2F8021CE13F354334B535A7A45AC187430
                                                                                                                                                                                                                      SHA-256:3B5FA5A617794D21DB4189EFC8EB6A2B1C0DA006B2A3C45BBBD1C0140229152B
                                                                                                                                                                                                                      SHA-512:5D98C73B40F861F10F486CC1901E61F03EBE20F17F4969BB000108A6A5CBA64874D9CCB35CC4ABA34E123EB7DC3A47E0460715DF615E61716A6E78D5D6321ACA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:prebuild-install [options].. --download -d [url] (download prebuilds, no url means github). --target -t version (version to install for). --runtime -r runtime (Node runtime [node or electron] to build or install for, default is node). --path -p path (make a prebuild-install here). --token -T gh-token (github token for private repos). --tag-prefix <prefix> (github tag prefix, default is "v"). --force (always use prebuilt binaries when available). --build-from-source (skip prebuild download). --verbose (log verbosely). --libc (use provided libc rather than system default). --debug (set Debug or Release configuration). --version (print prebuild-install version and exit).
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                      Entropy (8bit):4.305858944160431
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:5C197F124F738945987648084DA3C34B
                                                                                                                                                                                                                      SHA1:C726419F448DD711EC6AD7E098500C9953247604
                                                                                                                                                                                                                      SHA-256:51C1DAE166A7DA3717CC50BA36118C12F5351FF07A7D23D6DD53828BD857F5B6
                                                                                                                                                                                                                      SHA-512:CABD71AEEC190B626568271345D0900B64E2F63F2FEB32FD98234CEB281D07A6A8EC614AD025791288617DE3FF63DA0FD6EE78BF48CF667D4C9F915447E3F070
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:exports.download = require('./download').
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):232
                                                                                                                                                                                                                      Entropy (8bit):4.471367620406736
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:B970F7DAB67D35D1046B1584663C3EB4
                                                                                                                                                                                                                      SHA1:9E9CCEA81BB9429C9D3D56F7976CE48C2A92B678
                                                                                                                                                                                                                      SHA-256:16C9E18A9B5409BFCF499096122D950E81B65F02E6B5305E9B3F014FEDB21EFA
                                                                                                                                                                                                                      SHA-512:CB8F04920C3570C3823F4048033B452BFA8AC0BD94C3766C3233D470665C61694B69218B4CF3C798E8AD7E830637E1D2B9D4820A0A31C0B5B50B059DE7F818CB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:var log = require('npmlog')..module.exports = function (rc, env) {. log.heading = 'prebuild-install'.. if (rc.verbose) {. log.level = 'verbose'. } else {. log.level = env.npm_config_loglevel || 'notice'. }.. return log.}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1103
                                                                                                                                                                                                                      Entropy (8bit):4.718888556408363
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:FDFBA6758FE276F4FF490D422D6DB0CB
                                                                                                                                                                                                                      SHA1:7ECDC93BB05AC8F95E6BF3C65B91BEF65B37A90F
                                                                                                                                                                                                                      SHA-256:3004CE32CD3CB6084FCAAED7A46130FB6F24B94A6C4B86E326CBAE6247C94032
                                                                                                                                                                                                                      SHA-512:4AB06F7B1EBC6BA313BB1BACE57CB502770C0D7C71F5C5C81A1C37394A21AED76D55BE92C4FC7ECFC55B7A47279AE2E8093208B0FFEAA7AD405133B7D1519EE1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "prebuild-install",. "version": "5.3.6",. "description": "A command line tool to easily install prebuilt binaries for multiple version of node/iojs on a specific platform",. "dependencies": {. "detect-libc": "^1.0.3",. "expand-template": "^2.0.3",. "github-from-package": "0.0.0",. "minimist": "^1.2.3",. "mkdirp-classic": "^0.5.3",. "napi-build-utils": "^1.0.1",. "node-abi": "^2.7.0",. "noop-logger": "^0.1.1",. "npmlog": "^4.0.1",. "pump": "^3.0.0",. "rc": "^1.2.7",. "simple-get": "^3.0.3",. "tar-fs": "^2.0.0",. "tunnel-agent": "^0.6.0",. "which-pm-runs": "^1.0.0". },. "devDependencies": {. "a-native-module": "^1.0.0",. "hallmark": "^3.0.0",. "nock": "^10.0.6",. "rimraf": "^2.5.2",. "standard": "^13.0.2",. "tape": "^4.5.1". },. "bin": "./bin.js",. "repository": {. "type": "git",. "url": "https://github.com/prebuild/prebuild-install.git". },. "author": "Mathias Buus (@mafintosh)",. "license": "MIT
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1189
                                                                                                                                                                                                                      Entropy (8bit):4.741251824058896
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:8D6812EF16E471B4A0D0807C6B963871
                                                                                                                                                                                                                      SHA1:E382E8043D46BAEBEB2727BC0F7E6A032B835334
                                                                                                                                                                                                                      SHA-256:1E65CEFF565DB5417E2C7BEDBBEF68E3810E8825E582A2192CE79EE11AD7BAF1
                                                                                                                                                                                                                      SHA-512:F2638BED85D44861C02542A76A6332F4379541892C55A4BB8422EE731F3D5B1C23A2FCB5D5E42E07A49D3FD46BA9D268B2570BB7D7351F838748FFCBF80A46B8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:var url = require('url').var tunnel = require('tunnel-agent').var noop = Object.assign({. http: function () {},. silly: function () {}.}, require('noop-logger'))..function applyProxy (reqOpts, opts) {. var log = opts.log || noop.. var proxy = opts['https-proxy'] || opts.proxy.. if (proxy) {. // eslint-disable-next-line node/no-deprecated-api. var parsedDownloadUrl = url.parse(reqOpts.url). // eslint-disable-next-line node/no-deprecated-api. var parsedProxy = url.parse(proxy). var uriProtocol = (parsedDownloadUrl.protocol === 'https:' ? 'https' : 'http'). var proxyProtocol = (parsedProxy.protocol === 'https:' ? 'Https' : 'Http'). var tunnelFnName = [uriProtocol, proxyProtocol].join('Over'). reqOpts.agent = tunnel[tunnelFnName]({. proxy: {. host: parsedProxy.hostname,. port: +parsedProxy.port,. proxyAuth: parsedProxy.auth. }. }). log.http('request', 'Proxy setup detected (Host: ' +. parsedProxy.hostname + ', Port: ' +.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2531
                                                                                                                                                                                                                      Entropy (8bit):4.963173293928606
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:F8CBB9CC75B990D3C10D9E4FC1261CCA
                                                                                                                                                                                                                      SHA1:DEDB6DEE835CAD015154B787D564A92256EB29C0
                                                                                                                                                                                                                      SHA-256:B85B563293538765AA586C69F9264E88A72245A2F7936B3626B2F68E2189C88A
                                                                                                                                                                                                                      SHA-512:0D466E6A6DBF3DD93860B31E7B19117D540FBBC0B871E86A3D7C96945384369049A4245EEDEFC7CAF6CA247E6F80919717A51927D804BBE850E2D21522D23086
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:var minimist = require('minimist').var getAbi = require('node-abi').getAbi.var detectLibc = require('detect-libc').var napi = require('napi-build-utils')..var env = process.env..var libc = env.LIBC || (detectLibc.isNonGlibcLinux && detectLibc.family) || ''..// Get `prebuild-install` arguments that were passed to the `npm` command.if (env.npm_config_argv) {. var npmargs = ['prebuild', 'compile', 'build-from-source', 'debug', 'verbose']. try {. var npmArgv = JSON.parse(env.npm_config_argv).cooked. for (var i = 0; i < npmargs.length; ++i) {. if (npmArgv.indexOf('--' + npmargs[i]) !== -1) {. process.argv.push('--' + npmargs[i]). }. if (npmArgv.indexOf('--no-' + npmargs[i]) !== -1) {. process.argv.push('--no-' + npmargs[i]). }. }. if ((i = npmArgv.indexOf('--download')) !== -1) {. process.argv.push(npmArgv[i], npmArgv[i + 1]). }. } catch (e) { }.}..// Get the configuration.module.exports = function (pkg) {. var pkgConf = pkg.config |
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3045
                                                                                                                                                                                                                      Entropy (8bit):5.070664908200508
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:D094A41C563B4AC182A9D73EFBB192E5
                                                                                                                                                                                                                      SHA1:7C9B508E8812CC24A4B6B415C226E8A19E1BB683
                                                                                                                                                                                                                      SHA-256:CA877F264EA23FD4FB488175ED6E6A69AACC22D52F21A84DD9BCEAEA9981FE36
                                                                                                                                                                                                                      SHA-512:014F42E650BA9B437A777205C58B41201E96C91F986D87DE982BDC0E84A8E5C6E1A63102B29259CCE969C4AFD17C4B9168D9A1D10B1AE2FB6E7CD52C01405022
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:var path = require('path').var github = require('github-from-package').var home = require('os').homedir.var crypto = require('crypto').var expandTemplate = require('expand-template')()..function getDownloadUrl (opts) {. var pkgName = opts.pkg.name.replace(/^@\w+\//, ''). return expandTemplate(urlTemplate(opts), {. name: pkgName,. package_name: pkgName,. version: opts.pkg.version,. major: opts.pkg.version.split('.')[0],. minor: opts.pkg.version.split('.')[1],. patch: opts.pkg.version.split('.')[2],. prerelease: opts.pkg.version.split('-')[1],. build: opts.pkg.version.split('+')[1],. abi: opts.abi || process.versions.modules,. node_abi: process.versions.modules,. runtime: opts.runtime || 'node',. platform: opts.platform,. arch: opts.arch,. libc: opts.libc || process.env.LIBC || '',. configuration: (opts.debug ? 'Debug' : 'Release'),. module_name: opts.pkg.binary && opts.pkg.binary.module_name,. tag_prefix: opts['tag-prefix'] || 'v'. }
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1443
                                                                                                                                                                                                                      Entropy (8bit):4.636320036171633
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:08365B138B43284489ECFBF6EFD44A25
                                                                                                                                                                                                                      SHA1:1B97E91AC67FCBBD711DEDD3B5C388C08489EEAA
                                                                                                                                                                                                                      SHA-256:56E4E12A6934A2C4D36C7BF893F4D8AEFA6C96F9FFCEC357DFA6476E36C4F1F5
                                                                                                                                                                                                                      SHA-512:85494CA6582DB6AA3679F532C540F2075516628C02ABD6FC827369CF8EC1F2AC66092FF815406D4670C7A33CADC62F34C2C478136953656CE85A7D5755F8C31E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:# Developer's Certificate of Origin 1.1..By making a contribution to this project, I certify that:..* (a) The contribution was created in whole or in part by me and I. have the right to submit it under the open source license. indicated in the file; or..* (b) The contribution is based upon previous work that, to the best. of my knowledge, is covered under an appropriate open source. license and I have the right under that license to submit that. work with modifications, whether created in whole or in part. by me, under the same open source license (unless I am. permitted to submit under a different license), as indicated. in the file; or..* (c) The contribution was provided directly to me by some other. person who certified (a), (b) or (c) and I have not modified. it...* (d) I understand and agree that this project and the contribution. are public and that a record of the contribution (including all. personal information I submit with it, including my sign-off) is. maintai
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5550
                                                                                                                                                                                                                      Entropy (8bit):4.5703149075149225
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:70B44945CEC4643CA805D87F673FBD34
                                                                                                                                                                                                                      SHA1:F30FD9BA0FA4F12C900D1B7BB248AA568A72CC3C
                                                                                                                                                                                                                      SHA-256:7A521E462D1C6F3B599C44637FB337BBF969DDA311510A87236EC539A415331D
                                                                                                                                                                                                                      SHA-512:586F0F2A46AE29E8DC0B5931E144D3B7536057CB0A6D2ECFC72544C5048A1FC9417D14FBDB45F33E21EEF99A2A0E302A3C74D2F8E360573544C8328593053DAA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:### Streams Working Group..The Node.js Streams is jointly governed by a Working Group.(WG).that is responsible for high-level guidance of the project...The WG has final authority over this project including:..* Technical direction.* Project governance and process (including this policy).* Contribution policy.* GitHub repository hosting.* Conduct guidelines.* Maintaining the list of additional Collaborators..For the current list of WG members, see the project.[README.md](./README.md#current-project-team-members)...### Collaborators..The readable-stream GitHub repository is.maintained by the WG and additional Collaborators who are added by the.WG on an ongoing basis...Individuals making significant and valuable contributions are made.Collaborators and given commit-access to the project. These.individuals are identified by the WG and their addition as.Collaborators is discussed during the WG meeting..._Note:_ If you make a significant contribution and are not considered.for commit-access
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2337
                                                                                                                                                                                                                      Entropy (8bit):5.096887765301323
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:A67A7926E54316D90C14F74F71080977
                                                                                                                                                                                                                      SHA1:D3622FAC093FE1CBCB4D8E8D35801600B681FC45
                                                                                                                                                                                                                      SHA-256:EC62DC96DA0099B87F4511736C87309335527FB7031639493E06C95728DC8C54
                                                                                                                                                                                                                      SHA-512:E61DE704D5A76AFD66B5D9B1C78F0A5AFE9A846686CA2FB28C814A4A60DBE82A190ED4A6A2F31E09BF6D695B8EC178EBEA9804593029C58C1B1BEDD793324D13
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Node.js is licensed for use as follows:..""".Copyright Node.js contributors. All rights reserved...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2280
                                                                                                                                                                                                                      Entropy (8bit):4.975941757086827
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:0D737DE1FC474ED809C9FBB1D5E9934E
                                                                                                                                                                                                                      SHA1:1FAFE6E2E28A4404DB90AE6DC867199B74468CA4
                                                                                                                                                                                                                      SHA-256:39BDF2C2D8D23DF3239DDE5E66449DCFA9BFD0ACCF840C91C35BB295F2BBAE2D
                                                                                                                                                                                                                      SHA-512:F33AAD44449C6C62C3AE4E9053C1C884F6DDBCE00AEE35DE5818B82E9DD238F6B4C362E1D947DAFBB5504601AB7A475A786F8E8AB334A703F4B3541C5595E5E5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:# streams WG Meeting 2015-01-30..## Links..* **Google Hangouts Video**: http://www.youtube.com/watch?v=I9nDOSGfwZg.* **GitHub Issue**: https://github.com/iojs/readable-stream/issues/106.* **Original Minutes Google Doc**: https://docs.google.com/document/d/17aTgLnjMXIrfjgNaTUnHQO7m3xgzHR2VXBTmi03Qii4/..## Agenda..Extracted from https://github.com/iojs/readable-stream/labels/wg-agenda prior to meeting...* adopt a charter [#105](https://github.com/iojs/readable-stream/issues/105).* release and versioning strategy [#101](https://github.com/iojs/readable-stream/issues/101).* simpler stream creation [#102](https://github.com/iojs/readable-stream/issues/102).* proposal: deprecate implicit flowing of streams [#99](https://github.com/iojs/readable-stream/issues/99)..## Minutes..### adopt a charter..* group: +1's all around..### What versioning scheme should be adopted?.* group: +1.s 3.0.0.* domenic+group: pulling in patches from other sources where appropriate.* mikeal: version independently,
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):53
                                                                                                                                                                                                                      Entropy (8bit):4.510386020356015
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:71BC8735EE8F568483DAA0B68865B025
                                                                                                                                                                                                                      SHA1:9FA4BC0F1F8950E8525E33C376E0722B5BE92660
                                                                                                                                                                                                                      SHA-256:B492B180E158A495AFA7B394DE1440E037C5D60524BB2FCE839AEB690E6FF968
                                                                                                                                                                                                                      SHA-512:5D8C4D5FDD2081878AB19D18C3B29EB00F4AA2F6D1B691DA90E603354762520D8F82425AE22B33897BBCD5084C63DCD769A379322909D376DC1DCA387C853564
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:module.exports = require('./lib/_stream_duplex.js');.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):46
                                                                                                                                                                                                                      Entropy (8bit):4.307993543863672
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:D128BF2CD01BFE3A6213E548804685D6
                                                                                                                                                                                                                      SHA1:65D2569A9805988EB48FC26ED9FB7123BB062C12
                                                                                                                                                                                                                      SHA-256:16475035143997E924DC3F41AF6FD657CF55C5843F415F00B155C20891DA8A5B
                                                                                                                                                                                                                      SHA-512:F784338065ACEE2075F8755BF4591694C62EE7CA3B722CB12E85F61A9903A45C3E6A28E9031A785C94EA4D8FAAC014C681117C3416AF5D37629EAFA3111EF8DF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:module.exports = require('./readable').Duplex.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4015
                                                                                                                                                                                                                      Entropy (8bit):5.137391447911904
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:53328D86AD3DE15E7A1B48F4772890A6
                                                                                                                                                                                                                      SHA1:5C9979AD235F24FFEC84966CA764457A6A8FB933
                                                                                                                                                                                                                      SHA-256:FD17D6A92DD9BA004C85F8E364B2771AF10D012A83766437447DBAE63879FA6B
                                                                                                                                                                                                                      SHA-512:FB1A5F969530664257763E10CFABB30B62356D00A6AE65ED64FC85DD36EC261C9598B8EBF281C79FA0C200567F6FE1E5022AD682E1BE8A3AD1CABD2D2A497F3A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:// Copyright Joyent, Inc. and other Node contributors..//.// Permission is hereby granted, free of charge, to any person obtaining a.// copy of this software and associated documentation files (the.// "Software"), to deal in the Software without restriction, including.// without limitation the rights to use, copy, modify, merge, publish,.// distribute, sublicense, and/or sell copies of the Software, and to permit.// persons to whom the Software is furnished to do so, subject to the.// following conditions:.//.// The above copyright notice and this permission notice shall be included.// in all copies or substantial portions of the Software..//.// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS.// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN.// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,.// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONT
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1753
                                                                                                                                                                                                                      Entropy (8bit):5.229478594965389
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:5DCADA23E7D0FED2AC8320A06F0D7057
                                                                                                                                                                                                                      SHA1:38FE3358505AE4667DFC1F7FDAF09C4A35EEF7E9
                                                                                                                                                                                                                      SHA-256:BF61450B1FF5F94FEA9D46665E931119642034C903E63CC224B4C96472EED4D4
                                                                                                                                                                                                                      SHA-512:A8B896641C5021FE0416E1BCD3189EE8061100F78957F06055F2D8B68FA8DC5A53784CD204F04561AF14DEB6349F55777D393710F8C1192C5B69A84C31584A36
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:// Copyright Joyent, Inc. and other Node contributors..//.// Permission is hereby granted, free of charge, to any person obtaining a.// copy of this software and associated documentation files (the.// "Software"), to deal in the Software without restriction, including.// without limitation the rights to use, copy, modify, merge, publish,.// distribute, sublicense, and/or sell copies of the Software, and to permit.// persons to whom the Software is furnished to do so, subject to the.// following conditions:.//.// The above copyright notice and this permission notice shall be included.// in all copies or substantial portions of the Software..//.// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS.// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN.// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,.// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONT
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):31426
                                                                                                                                                                                                                      Entropy (8bit):4.805214781384264
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:B143F2501705BC2A32AD7968AA377A56
                                                                                                                                                                                                                      SHA1:50077009123001E505821C5130417A1189D5BD29
                                                                                                                                                                                                                      SHA-256:216E051224EFF89A5D5EEC76BEF25ADDAC078D9EBD2E88BD0A3D73A0E605091D
                                                                                                                                                                                                                      SHA-512:BBF674884D77CC534D453841AAF4BD4562BF3A271520299C6047C41C2F775F7ECF2777C4FABFC5A28F369EB3D850AC1DCC58A5922A849A66D1A4B24C7D283FCA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):7742
                                                                                                                                                                                                                      Entropy (8bit):4.89847949515625
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:9CBD9508CAD163EF01DAD4CEE030897B
                                                                                                                                                                                                                      SHA1:52BBDAE8D18908D8783C49FF2DC5803E7256C541
                                                                                                                                                                                                                      SHA-256:56220D9DD58B976F1739BFC85948B267D79772BA23672FF402D13B6B3FCF4E40
                                                                                                                                                                                                                      SHA-512:910AF29C89B4114AD09E287C7D347538D494EC88095B80185A2F5BFB4FEBAB54B337C328E2A05B4BAB6BC9A3FA7447D00D07CEE54E42E34C88F0EF0138289E42
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20335
                                                                                                                                                                                                                      Entropy (8bit):4.878070415114619
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:09B0D94AF81D8A886E8BDDA4E1D72AFE
                                                                                                                                                                                                                      SHA1:A3256EA20FBD28A2529F26A0E0DEB04F265EE064
                                                                                                                                                                                                                      SHA-256:E6359AC652ED97F5F328C586C7A6B8F163782A9CA13DA476E609A981C75E0469
                                                                                                                                                                                                                      SHA-512:1E13AC8FD6FA12A64045E87FD059D67EC81706EBF57232906B7C87F9CE50011223A8803724826434DC745C89D2AE0B08E3406A264E46E983F38720B389DF0FCB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2009
                                                                                                                                                                                                                      Entropy (8bit):4.611047568599985
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:66ECF816F5A889AA03BF6E758EF90048
                                                                                                                                                                                                                      SHA1:8B4EB0F087C414F3572CC2371FB2ACDAE371CA92
                                                                                                                                                                                                                      SHA-256:387991BFEE34BBB7938E0C0A3F345C3E5E4C37D5B0CB600E6D432C9995321FA7
                                                                                                                                                                                                                      SHA-512:F79B8F6BA3FD82E74FBEA2E8A5DA920F0559FE89B375372E25D158C3D08E359E7EB365FC5C68954381D9DC6F08F1DFD7C7C3126882C2D0CEF2380910AE3D4424
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict';..function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } }..var Buffer = require('safe-buffer').Buffer;.var util = require('util');..function copyBuffer(src, target, offset) {. src.copy(target, offset);.}..module.exports = function () {. function BufferList() {. _classCallCheck(this, BufferList);.. this.head = null;. this.tail = null;. this.length = 0;. }.. BufferList.prototype.push = function push(v) {. var entry = { data: v, next: null };. if (this.length > 0) this.tail.next = entry;else this.head = entry;. this.tail = entry;. ++this.length;. };.. BufferList.prototype.unshift = function unshift(v) {. var entry = { data: v, next: this.head };. if (this.length === 0) this.tail = entry;. this.head = entry;. ++this.length;. };.. BufferList.prototype.shift = function shift() {. if (this.length === 0) return;. var ret = this.head.da
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2175
                                                                                                                                                                                                                      Entropy (8bit):4.600581300685707
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:8A7FD7B60A17C29F6F3D15A9619FA928
                                                                                                                                                                                                                      SHA1:3DCCE675063FE3D84A6948004EC382340DDE4198
                                                                                                                                                                                                                      SHA-256:A59F90DAEC030125875A6028B32F93E2E2BC9FAFD703991DBC36244F5CB21176
                                                                                                                                                                                                                      SHA-512:38063C3C22994E8FEC5CD396B4D6C39FE8206B4676961F0382212BF4E61BAE67F88ABD3DE6DE00C679386A44D3204713123B9F1AC8969DEA93489DECC6DA0E34
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict';../*<replacement>*/..var pna = require('process-nextick-args');./*</replacement>*/..// undocumented cb() API, needed for core, not for public API.function destroy(err, cb) {. var _this = this;.. var readableDestroyed = this._readableState && this._readableState.destroyed;. var writableDestroyed = this._writableState && this._writableState.destroyed;.. if (readableDestroyed || writableDestroyed) {. if (cb) {. cb(err);. } else if (err) {. if (!this._writableState) {. pna.nextTick(emitErrorNT, this, err);. } else if (!this._writableState.errorEmitted) {. this._writableState.errorEmitted = true;. pna.nextTick(emitErrorNT, this, err);. }. }.. return this;. }.. // we set destroyed to true before firing error callbacks in order. // to make it re-entrance safe in case destroy() is called within callbacks.. if (this._readableState) {. this._readableState.destroyed = true;. }.. // if this is a duplex stream mark the w
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):49
                                                                                                                                                                                                                      Entropy (8bit):4.275737589534865
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:DF20453C19AF8406BABDF987FACD76D9
                                                                                                                                                                                                                      SHA1:0167A0DC72DAAB83989846563AAE870F37549151
                                                                                                                                                                                                                      SHA-256:72D46A15491627D8FB1489A47D03583CFE5C21902918016AB532B53E615E5A9A
                                                                                                                                                                                                                      SHA-512:8004ACA5EFC10CF89BF41ECBB6586F9ACD707EF3B789CC714043C48C0D47B6479D9D2C2FD9894AEDC683EDCB88FAD8B28517D329417D6E2D0E2B639D964956D9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:module.exports = require('events').EventEmitter;.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):36
                                                                                                                                                                                                                      Entropy (8bit):4.2363238771524
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:76BAE0AACA4D9C61A71995751B67448B
                                                                                                                                                                                                                      SHA1:90B89EC87417D1301E7615A3BA50B04626C2796C
                                                                                                                                                                                                                      SHA-256:1E7903927DF33AADB3659ECCE55266C9C851DA65CE6C8B723A60A305C1C5422C
                                                                                                                                                                                                                      SHA-512:9BE70625AF9C47A3772622031CDC4ADA6E009D9DDF71F7409109EF6B6ADFB444414630897EAB07F77BD268F66C9462D199CB72934E0BB4FDBBE614F16BB3DE24
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:module.exports = require('stream');.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):961
                                                                                                                                                                                                                      Entropy (8bit):4.705482630406149
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:89D9E54CE479B2369137CC9E921F3398
                                                                                                                                                                                                                      SHA1:1D66DBDD4757A9667CDCE4FE499C8BC0D0E35963
                                                                                                                                                                                                                      SHA-256:4FC449DC706BA8988E6E1254BE82B7508A23666468ADC686709E98CEF3096317
                                                                                                                                                                                                                      SHA-512:553DE1546B406ECE81353A0C676A09719A2051AE35214FDF4124697DBB3B0DECD64D3AFBFC6A473C6D6D70958D9F8643D1D74AB4FABAEC52D1213D741E31D630
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "readable-stream",. "version": "2.3.8",. "description": "Streams3, a user-land copy of the stream library from Node.js",. "main": "readable.js",. "dependencies": {. "core-util-is": "~1.0.0",. "inherits": "~2.0.3",. "isarray": "~1.0.0",. "process-nextick-args": "~2.0.0",. "safe-buffer": "~5.1.1",. "string_decoder": "~1.1.1",. "util-deprecate": "~1.0.1". },. "devDependencies": {. "assert": "^1.4.0",. "babel-polyfill": "^6.9.1",. "buffer": "^4.9.0",. "lolex": "^2.3.2",. "nyc": "^6.4.0",. "tap": "^0.7.0",. "tape": "^4.8.0". },. "repository": {. "type": "git",. "url": "git://github.com/nodejs/readable-stream". },. "browser": {. "util": false,. "./readable.js": "./readable-browser.js",. "./writable.js": "./writable-browser.js",. "./duplex.js": "./duplex-browser.js",. "./lib/internal/streams/stream.js": "./lib/internal/streams/stream-browser.js". },. "license": "MIT".}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):51
                                                                                                                                                                                                                      Entropy (8bit):4.47842822452873
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:C91F046D756B80D527EC8F4DBEFFA459
                                                                                                                                                                                                                      SHA1:1498C28497CA568D3DD207EAC8B236C221A17988
                                                                                                                                                                                                                      SHA-256:809DBC03B4C312355FF74EB14B2CCC77267EE71E04F519F437EB4B203407C4B7
                                                                                                                                                                                                                      SHA-512:E36C7CAF17EB5E80F85707E4FD41DB5B50F8471904DDD0E98DD9EE16FBD2211DE77730289F1990D519CA962ADABFACB6F439AF9D3B1986882F7F0A1F5C0E843A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:module.exports = require('./readable').PassThrough.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):351
                                                                                                                                                                                                                      Entropy (8bit):4.681447721783899
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:73BA7F8DD912318C3D51D99674C77C4F
                                                                                                                                                                                                                      SHA1:C72B2B1C4F810D22237FFE40A6A2FD6E3F7C8C16
                                                                                                                                                                                                                      SHA-256:EC8E6F4E484D5269BC134752E11770B66B6BE3A470217C2A0166E977965F53C6
                                                                                                                                                                                                                      SHA-512:F336796336340144ADAABB2835149BC7E090DD4730B5F89FE25A2C43AF22557EC34DEFD0DFAD2F80D85D3021F28518ED64BFA2E6A64D9ECB5E2C6C3DA6F4E4D9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:exports = module.exports = require('./lib/_stream_readable.js');.exports.Stream = exports;.exports.Readable = exports;.exports.Writable = require('./lib/_stream_writable.js');.exports.Duplex = require('./lib/_stream_duplex.js');.exports.Transform = require('./lib/_stream_transform.js');.exports.PassThrough = require('./lib/_stream_passthrough.js');.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):771
                                                                                                                                                                                                                      Entropy (8bit):4.7755606513756454
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:0FE4BE4FE2E76F31A60E95E65D42538F
                                                                                                                                                                                                                      SHA1:8FCD80B248D1DCA48A678ABC8CAC9D9A0664C7D1
                                                                                                                                                                                                                      SHA-256:A1EFA3FA06393AFF652F3529EA1B1BC32134D49EB794B23272FB0BA13D214550
                                                                                                                                                                                                                      SHA-512:65D18129DB732C11BDF1B2953A95BF9E2161C4B6A7F90D705641B7B2CEB1927CF0E05A6FC4C6648F3C6B1573B7CF714697BF26CC44A429CCB2EF90FBF750028B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:var Stream = require('stream');.if (process.env.READABLE_STREAM === 'disable' && Stream) {. module.exports = Stream;. exports = module.exports = Stream.Readable;. exports.Readable = Stream.Readable;. exports.Writable = Stream.Writable;. exports.Duplex = Stream.Duplex;. exports.Transform = Stream.Transform;. exports.PassThrough = Stream.PassThrough;. exports.Stream = Stream;.} else {. exports = module.exports = require('./lib/_stream_readable.js');. exports.Stream = Stream || exports;. exports.Readable = exports;. exports.Writable = require('./lib/_stream_writable.js');. exports.Duplex = require('./lib/_stream_duplex.js');. exports.Transform = require('./lib/_stream_transform.js');. exports.PassThrough = require('./lib/_stream_passthrough.js');.}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):49
                                                                                                                                                                                                                      Entropy (8bit):4.404827956051038
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:1C25DB3B0DBF9EB68D7E2A7063CFCFCB
                                                                                                                                                                                                                      SHA1:50856785DFC8C7CD64838CEB52124FD30378A812
                                                                                                                                                                                                                      SHA-256:155F794C5C789568B7BC632CD37F28B9064890E887BFAB96A4393100218D4230
                                                                                                                                                                                                                      SHA-512:1D1F666A6E7025E797B93FF959EF4DF82989EFE52E14E1CDAC6B6B6041AB7C82A36720F3EFC44FFDE0A8784262C3E79F3250448DD926A7B82F0FF4FE167A2E59
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:module.exports = require('./readable').Transform.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):55
                                                                                                                                                                                                                      Entropy (8bit):4.528744204623185
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:41A26D0DB5DEA46383B4B625F05A9D30
                                                                                                                                                                                                                      SHA1:56A4597F339DF94654933E8E8264B2EDCDBCF2FB
                                                                                                                                                                                                                      SHA-256:427BAE9A6A026082E46ACB500DA48B270234EBC2A1DED1315B49ECCFA6311C61
                                                                                                                                                                                                                      SHA-512:A647F9F62968AB1F4E2CBBF35D7058A8EDB8FA1D4C3D6F858EA1F59523A09AA34E8EFE63E7F3DBA73E1A3D15509DAE82A058FB4AB531F9BD48EE314C446415D1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:module.exports = require('./lib/_stream_writable.js');.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):229
                                                                                                                                                                                                                      Entropy (8bit):4.8560619569763315
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:8D7DF10A4331D4707C47AB9913F5E9A5
                                                                                                                                                                                                                      SHA1:D1906D0190FE89683D34219A9407AE905CD91233
                                                                                                                                                                                                                      SHA-256:74CBBDC5D60E1EE6560D2850515B68C3D6B39D9B2F32346AAC1386B031C2A661
                                                                                                                                                                                                                      SHA-512:7E3E6BE8CD809385DA3DCA21CC0AFB646218648DBA1AC1E5B8704B1F3030B659F065542C727323EB0A4DACC1F5D8486002AB447296A9ABCD62CDEDCC06ADBE74
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:var Stream = require("stream").var Writable = require("./lib/_stream_writable.js")..if (process.env.READABLE_STREAM === 'disable') {. module.exports = Stream && Stream.Writable || Writable.} else {. module.exports = Writable.}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1081
                                                                                                                                                                                                                      Entropy (8bit):5.0875408334710945
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:BADD5E91C737E7FFDF10B40C1F907761
                                                                                                                                                                                                                      SHA1:07D9563F6153658DE124707787FF43F0458AB24A
                                                                                                                                                                                                                      SHA-256:C7CC929B57080F4B9D0C6CF57669F0463FC5B39906344DFC8D3BC43426B30EAC
                                                                                                                                                                                                                      SHA-512:EF233F8DB609B7025E2E027355EE0B5E7B65B537506412CA1A4D95E74F2BE2FE284C3A3FA36CB9D85DBD1A35FE650FE14DE5B4D93AB071F2024C1FC8CF40730E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) Feross Aboukhadijeh..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1529
                                                                                                                                                                                                                      Entropy (8bit):4.76066280033095
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:B1622FF2944BA3F13A1CF6FBCF0F9E3F
                                                                                                                                                                                                                      SHA1:F67B8DECB99EED068F28C9AE56DF08C21BF4C33D
                                                                                                                                                                                                                      SHA-256:D58AF21CB0518864D0C505742D1AF71E5B5E1F142F4C0F27353AA0F431A616D4
                                                                                                                                                                                                                      SHA-512:600B49F49832EE51FFD8F6C99616387D93BB1FC2AFEE71D2066F982E39080A1508999EF2E2BF714D5F6ADABAA8B72D3C5CDB445C8C36B67064DD76B377B7F889
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:/* eslint-disable node/no-deprecated-api */.var buffer = require('buffer').var Buffer = buffer.Buffer..// alternative to using Object.keys for old browsers.function copyProps (src, dst) {. for (var key in src) {. dst[key] = src[key]. }.}.if (Buffer.from && Buffer.alloc && Buffer.allocUnsafe && Buffer.allocUnsafeSlow) {. module.exports = buffer.} else {. // Copy properties from require('buffer'). copyProps(buffer, exports). exports.Buffer = SafeBuffer.}..function SafeBuffer (arg, encodingOrOffset, length) {. return Buffer(arg, encodingOrOffset, length).}..// Copy static methods from Buffer.copyProps(Buffer, SafeBuffer)..SafeBuffer.from = function (arg, encodingOrOffset, length) {. if (typeof arg === 'number') {. throw new TypeError('Argument must not be a number'). }. return Buffer(arg, encodingOrOffset, length).}..SafeBuffer.alloc = function (size, fill, encoding) {. if (typeof size !== 'number') {. throw new TypeError('Argument must be a number'). }. var buf = Bu
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):500
                                                                                                                                                                                                                      Entropy (8bit):4.661005353217207
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      MD5:B55E2FBA27745164C9CDB610293D470B
                                                                                                                                                                                                                      SHA1:BDF56F6D8CD14A6791C3A42F48E61D0A8FF660E8
                                                                                                                                                                                                                      SHA-256:0BB53DCF379FFEBC8F8BAA2D2A4EFC80BE25F203509DA73CC17864B97CB9556E
                                                                                                                                                                                                                      SHA-512:22150DD9B47BF3F92F2417AD484D696C4567D95F35EA47EC61A710B1A10567DF504358892F8B1E3FA7930D3C4424C09F90A84B2CB991FC5D3E33228EA50E1766
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "safe-buffer",. "description": "Safer Node.js Buffer API",. "version": "5.1.2",. "author": {. "name": "Feross Aboukhadijeh",. "email": "feross@feross.org",. "url": "http://feross.org". },. "devDependencies": {. "standard": "*",. "tape": "^4.0.0". },. "homepage": "https://github.com/feross/safe-buffer",. "license": "MIT",. "main": "index.js",. "types": "index.d.ts",. "repository": {. "type": "git",. "url": "git://github.com/feross/safe-buffer.git". }.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):765
                                                                                                                                                                                                                      Entropy (8bit):4.999520559493967
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:82703A69F6D7411DDE679954C2FD9DCA
                                                                                                                                                                                                                      SHA1:BB408E929CAEB1731945B2BA54BC337EDB87CC66
                                                                                                                                                                                                                      SHA-256:4EC3D4C66CD87F5C8D8AD911B10F99BF27CB00CDFCFF82621956E379186B016B
                                                                                                                                                                                                                      SHA-512:3FA748E59FB3AF0C5293530844FAA9606D9271836489D2C8013417779D10CC180187F5E670477F9EC77D341E0EF64EAB7DCFB876C6390F027BC6F869A12D0F46
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The ISC License..Copyright (c) Isaac Z. Schlueter and Contributors..Permission to use, copy, modify, and/or distribute this software for any.purpose with or without fee is hereby granted, provided that the above.copyright notice and this permission notice appear in all copies...THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES.WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF.MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR.ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES.WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN.ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR.IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4418
                                                                                                                                                                                                                      Entropy (8bit):4.509394298303882
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:8AFF9B25951596396B9058C31E6E5ED3
                                                                                                                                                                                                                      SHA1:4FC67E3F71ABA3021CF05C8C0513F75D094F9CBD
                                                                                                                                                                                                                      SHA-256:03F83D135AFD4855683FF95D708F671593AF782471DAF4794BA9079178AA1B03
                                                                                                                                                                                                                      SHA-512:1279100FEFE32BC7630ED6088C4EA431A93460ABA5FBBAC5E51E90EAB66E44117E3987345C455B465E219FB96CBA5FB6D44B4544D3E3170ADA7074BECD460CB9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:#!/usr/bin/env node.// Standalone semver comparison program..// Exits successfully and prints matching version(s) if.// any supplied version is valid and passes all tests...var argv = process.argv.slice(2)..var versions = []..var range = []..var inc = null..var version = require('../package.json').version..var loose = false..var includePrerelease = false..var coerce = false..var identifier..var semver = require('../semver')..var reverse = false..var options = {}..main()..function main () {. if (!argv.length) return help(). while (argv.length) {. var a = argv.shift(). var indexOfEqualSign = a.indexOf('='). if (indexOfEqualSign !== -1) {. a = a.slice(0, indexOfEqualSign). argv.unshift(a.slice(indexOfEqualSign + 1)). }. switch (a) {. case '-rv': case '-rev': case '--rev': case '--reverse':. reverse = true. break. case '-l': case '--loose':. loose = true. break. case '-p': case '--include-prerelease':. includePrer
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):667
                                                                                                                                                                                                                      Entropy (8bit):4.6386881705900755
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:8E0E5B70211E4A72A8515CDBB62B0B79
                                                                                                                                                                                                                      SHA1:596CD619443D36F1FC13303C12A49FB051E87E4E
                                                                                                                                                                                                                      SHA-256:7281584DC6141795732406BBD3879ED25AACD2E402A942C71E36FA2F88686458
                                                                                                                                                                                                                      SHA-512:72D9E5098BF079F48AB1A80EBC786322D8077B90DA69693D7CB7DBC6B77FC244B54F43D3D006AE2EB423E314089E8B8C06652358D1B0CAC9DC400F8F1D9F07E8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "semver",. "version": "5.7.2",. "description": "The semantic version parser used by npm.",. "main": "semver.js",. "devDependencies": {. "@npmcli/template-oss": "4.17.0",. "tap": "^12.7.0". },. "license": "ISC",. "repository": {. "type": "git",. "url": "https://github.com/npm/node-semver.git". },. "bin": {. "semver": "./bin/semver". },. "files": [. "bin",. "range.bnf",. "semver.js". ],. "author": "GitHub Inc.",. "templateOSS": {. "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",. "content": "./scripts/template-oss",. "version": "4.17.0". }.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):619
                                                                                                                                                                                                                      Entropy (8bit):4.24704903804356
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:76D83B46734A4604DA9DF9998FE7D19E
                                                                                                                                                                                                                      SHA1:5C6F063E0EC60F2D04686F73A12BA5F389988A2B
                                                                                                                                                                                                                      SHA-256:ED628FDAFF64BE366D07F6CC4559EAE4DE109826F743EA7F5E1588C370BCA49A
                                                                                                                                                                                                                      SHA-512:40559A2C4890535B3F265AC188E40C0E38E43CF99C82B576117419DFDF05F3075B1ACCEE5609A4A890BFC8F279CC40D718AB2016D791527A4623811DE132E71B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:range-set ::= range ( logical-or range ) *.logical-or ::= ( ' ' ) * '||' ( ' ' ) *.range ::= hyphen | simple ( ' ' simple ) * | ''.hyphen ::= partial ' - ' partial.simple ::= primitive | partial | tilde | caret.primitive ::= ( '<' | '>' | '>=' | '<=' | '=' ) partial.partial ::= xr ( '.' xr ( '.' xr qualifier ? )? )?.xr ::= 'x' | 'X' | '*' | nr.nr ::= '0' | [1-9] ( [0-9] ) *.tilde ::= '~' partial.caret ::= '^' partial.qualifier ::= ( '-' pre )? ( '+' build )?.pre ::= parts.build ::= parts.parts ::= part ( '.' part ) *.part ::= nr | [-0-9A-Za-z]+.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):40812
                                                                                                                                                                                                                      Entropy (8bit):4.964760278637615
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:DE16D03358135DDB5CCED4F242BE473D
                                                                                                                                                                                                                      SHA1:4B85B5F963842409AB87E7714887D2D7CDD4C727
                                                                                                                                                                                                                      SHA-256:433D72CFD2383F94C8266E3AF185841E60AE88D7345D79F87073F473119425D8
                                                                                                                                                                                                                      SHA-512:0007213771CCBFDF3B2027E0275CCED7836FA7FBBB10D49ACF73EB1BB0F8C74C9561C19A3CD491EB5CF92F59502EE0FA977C6C619409DD83D0E7EA3B1AC53E29
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:exports = module.exports = SemVer..var debug./* istanbul ignore next */.if (typeof process === 'object' &&. process.env &&. process.env.NODE_DEBUG &&. /\bsemver\b/i.test(process.env.NODE_DEBUG)) {. debug = function () {. var args = Array.prototype.slice.call(arguments, 0). args.unshift('SEMVER'). console.log.apply(console, args). }.} else {. debug = function () {}.}..// Note: this is the semver.org version of the spec that it implements.// Not necessarily the package version of this code..exports.SEMVER_SPEC_VERSION = '2.0.0'..var MAX_LENGTH = 256.var MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER ||. /* istanbul ignore next */ 9007199254740991..// Max safe segment length for coercion..var MAX_SAFE_COMPONENT_LENGTH = 16..var MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6..// The actual regexps go on exports.re.var re = exports.re = [].var safeRe = exports.safeRe = [].var src = exports.src = [].var R = 0..var LETTERDASHNUMBER = '[a-zA-Z0-9-]'..// Replace some greedy regex toke
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1081
                                                                                                                                                                                                                      Entropy (8bit):5.084853799840722
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:FB42E5AA12BB9E365D38B4B5691D6984
                                                                                                                                                                                                                      SHA1:0B07E9E19EDFDC78EE5954F0373459DBF7BA97F9
                                                                                                                                                                                                                      SHA-256:D4C2065E2B936E62A4EB400EFB4576EDEC9CA1388A9F78AA288E147275E7BC8B
                                                                                                                                                                                                                      SHA-512:50E2FFC46C70B93C6C6B22749CED928305C2D7CDA8D272D904E79A82094345DDB6ADDD5C26396EB60B65A5D13C49DE3ADD40E52A34765456180F51B21EBED7A2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) Feross Aboukhadijeh..Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of.the Software, and to permit persons to whom the Software is furnished to do so,.subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3973
                                                                                                                                                                                                                      Entropy (8bit):4.772890495507467
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:DBFFEBC3B2F88AC8C4BE6E85E88309C6
                                                                                                                                                                                                                      SHA1:C7568774450A1C5CE981780A40C9536B2A9AA78F
                                                                                                                                                                                                                      SHA-256:D890D05E02B96325749879F6C6EA2333758B4055BAA8550A094FB4C598E2BC1B
                                                                                                                                                                                                                      SHA-512:F5BA0786FE1853485365D295F227DD782AA2998D82B458A0F47A41CA5DABE78ACA385A0FE9C267C58D0CDB55B548979A25C395A76FA002ADEC143B576D02FE05
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:module.exports = simpleGet..const concat = require('simple-concat').const decompressResponse = require('decompress-response') // excluded from browser build.const http = require('http').const https = require('https').const once = require('once').const querystring = require('querystring').const url = require('url')..const isStream = o => o !== null && typeof o === 'object' && typeof o.pipe === 'function'..function simpleGet (opts, cb) {. opts = Object.assign({ maxRedirects: 10 }, typeof opts === 'string' ? { url: opts } : opts). cb = once(cb).. if (opts.url) {. const { hostname, port, protocol, auth, path } = url.parse(opts.url) // eslint-disable-line node/no-deprecated-api. delete opts.url. if (!hostname && !port && !protocol && !auth) opts.path = path // Relative redirect. else Object.assign(opts, { hostname, port, protocol, auth, path }) // Absolute redirect. }.. const headers = { 'accept-encoding': 'gzip, deflate' }. if (opts.headers) Object.keys(opts.headers).forE
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):789
                                                                                                                                                                                                                      Entropy (8bit):4.690997198342068
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:6436D9A533B1C40A65B70EB1913D2FA2
                                                                                                                                                                                                                      SHA1:87C47599612582F30B29FFA5D3ECAB033EE33579
                                                                                                                                                                                                                      SHA-256:4D540E92E820490A9B02CE92E65AE0C6B229D3A8971A97F346BBB355BBF501DC
                                                                                                                                                                                                                      SHA-512:CD4B90364EB8B7061C0C613D91E99131F5E15E6E9C5B3D123D710BEB1D5A986AF7BF8F2439641147C297EB68865EFE7438801F7DC822F36BCDD05545CFB9C106
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "simple-get",. "description": "Simplest way to make http get requests. Supports HTTPS, redirects, gzip/deflate, streams in < 100 lines.",. "version": "3.1.1",. "author": {. "name": "Feross Aboukhadijeh",. "email": "feross@feross.org",. "url": "http://feross.org/". },. "browser": {. "decompress-response": false. },. "dependencies": {. "decompress-response": "^4.2.0",. "once": "^1.3.1",. "simple-concat": "^1.0.0". },. "devDependencies": {. "self-signed-https": "^1.0.5",. "standard": "*",. "string-to-stream": "^3.0.0",. "tape": "^4.0.0". },. "homepage": "https://github.com/feross/simple-get",. "license": "MIT",. "main": "index.js",. "repository": {. "type": "git",. "url": "git://github.com/feross/simple-get.git". }.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):741
                                                                                                                                                                                                                      Entropy (8bit):5.164517709070232
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:6F6896167219A6E5ED1303F389294B60
                                                                                                                                                                                                                      SHA1:488A7F558004CDE30CD57C2EEAC1ACA4E2947A7A
                                                                                                                                                                                                                      SHA-256:7D88178FB35726264FA3A8500ABEAE44D5B585491EDF3CD5B0ECF4DEC1BBB299
                                                                                                                                                                                                                      SHA-512:C1C67EB5E059CAF188C7317DA4B56F44BC190EF7A2ED65267B277420849B96FAEDA11054FBD0B92FF0097BB03106262A36C365B19A44948C369F28E1B2D095DA
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict';.var stripAnsi = require('strip-ansi');.var codePointAt = require('code-point-at');.var isFullwidthCodePoint = require('is-fullwidth-code-point');..// https://github.com/nodejs/io.js/blob/cff7300a578be1b10001f2d967aaedc88aee6402/lib/readline.js#L1345.module.exports = function (str) {..if (typeof str !== 'string' || str.length === 0) {...return 0;..}...var width = 0;...str = stripAnsi(str);...for (var i = 0; i < str.length; i++) {...var code = codePointAt(str, i);....// ignore control characters...if (code <= 0x1f || (code >= 0x7f && code <= 0x9f)) {....continue;...}....// surrogates...if (code >= 0x10000) {....i++;...}....if (isFullwidthCodePoint(code)) {....width += 2;...} else {....width++;...}..}...return width;.};.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1119
                                                                                                                                                                                                                      Entropy (8bit):5.1078795238525405
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:A12EBCA0510A773644101A99A867D210
                                                                                                                                                                                                                      SHA1:0C94F137F6E0536DB8CB2622A9DC84253B91B90C
                                                                                                                                                                                                                      SHA-256:6FB9754611C20F6649F68805E8C990E83261F29316E29DE9E6CEDAE607B8634C
                                                                                                                                                                                                                      SHA-512:AE79E7A4209A451AEF6B78F7B0B88170E7A22335126AC345522BF4EAFE0818DA5865AAE1507C5DC0224EF854548C721DF9A84371822F36D50CBCD97FA946EEE9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TO
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):590
                                                                                                                                                                                                                      Entropy (8bit):4.589220777924428
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E6F27BFB862645F1EC21BEC9AB4048EE
                                                                                                                                                                                                                      SHA1:304531FB93A717B980385239E239B1A24F7C0436
                                                                                                                                                                                                                      SHA-256:C479ED4183A34EB912B880ABC86F49069312D4E9ECC12B605D396732FDC3999D
                                                                                                                                                                                                                      SHA-512:3D5ECE994706FAE060B649454D95EBD32868EB4E1C6CA58F72D91117EE44C6715083F2A5FF29CBF2C88762309AC51E497077301AAB826AA974019B81C7006274
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "string-width",. "version": "1.0.2",. "description": "Get the visual width of a string - the number of columns required to display it",. "license": "MIT",. "repository": "sindresorhus/string-width",. "author": {. "name": "Sindre Sorhus",. "email": "sindresorhus@gmail.com",. "url": "sindresorhus.com". },. "engines": {. "node": ">=0.10.0". },. "files": [. "index.js". ],. "dependencies": {. "code-point-at": "^1.0.0",. "is-fullwidth-code-point": "^1.0.0",. "strip-ansi": "^3.0.0". },. "devDependencies": {. "ava": "*",. "xo": "*". }.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2338
                                                                                                                                                                                                                      Entropy (8bit):5.097111902986731
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:14AF51F8C0A6C6E400B53E18C6E5F85C
                                                                                                                                                                                                                      SHA1:36791EE8E28518F9FB92B51AD9E4247708BE9C55
                                                                                                                                                                                                                      SHA-256:11F2AAFB37D06B3EE5BDAF06E9811141D0DA05263C316F3D627F45C20D43261B
                                                                                                                                                                                                                      SHA-512:A7FFEF419C24A9420CE268A6F3C7CCA136BB47D2A33DA37D08BD5EA213A3F58E9E28375ED3BB457ECF7C0C1B3F1434366DA4E8BEF219482FCF599D804575E5FB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Node.js is licensed for use as follows:..""".Copyright Node.js contributors. All rights reserved...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):9465
                                                                                                                                                                                                                      Entropy (8bit):5.018409398586293
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:0D4D70BA095A2AF4AFD7069A295D2F6C
                                                                                                                                                                                                                      SHA1:440BD1828612D1E583E33A4EC304673A11C782AF
                                                                                                                                                                                                                      SHA-256:F1D36D47B2C579063392C1A68963467F2D4F51A069AF09EB068D974C63EE3B37
                                                                                                                                                                                                                      SHA-512:F527FCAA28387A43A4DF21C3C2E43E001B036A179383A61C58E194A33F67AC3CE445EF692D21E8F79139374F4A0749D1CEBD2CDB59A4D9B4D2EC71BFFD8B3BE2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:// Copyright Joyent, Inc. and other Node contributors..//.// Permission is hereby granted, free of charge, to any person obtaining a.// copy of this software and associated documentation files (the.// "Software"), to deal in the Software without restriction, including.// without limitation the rights to use, copy, modify, merge, publish,.// distribute, sublicense, and/or sell copies of the Software, and to permit.// persons to whom the Software is furnished to do so, subject to the.// following conditions:.//.// The above copyright notice and this permission notice shall be included.// in all copies or substantial portions of the Software..//.// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS.// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN.// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,.// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONT
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):514
                                                                                                                                                                                                                      Entropy (8bit):4.724701028837968
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:D76FCD50A6553A9D65AAB07181C17D63
                                                                                                                                                                                                                      SHA1:93305D22FF05D0B79DDBAD2E03EE30446A3734AA
                                                                                                                                                                                                                      SHA-256:FFDF79E038970AEB9B6A2C5B2F2779E2E9BCFEFE779BFE197B19041D0D7EFE86
                                                                                                                                                                                                                      SHA-512:58AE754368E14FC62102B1B9FB5158A14089A45F933AE018CBFB6B55DD165C4CE1056E7278FD8B99C164054846855A445D8EB07F59E1220538C2F855D9E3642E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "string_decoder",. "version": "1.1.1",. "description": "The string_decoder module from Node core",. "main": "lib/string_decoder.js",. "dependencies": {. "safe-buffer": "~5.1.0". },. "devDependencies": {. "babel-polyfill": "^6.23.0",. "core-util-is": "^1.0.2",. "inherits": "^2.0.3",. "tap": "~0.4.8". },. "repository": {. "type": "git",. "url": "git://github.com/nodejs/string_decoder.git". },. "homepage": "https://github.com/nodejs/string_decoder",. "license": "MIT".}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):161
                                                                                                                                                                                                                      Entropy (8bit):4.6187918340464105
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E2962C78C9C5968C399C26413CA3E8BC
                                                                                                                                                                                                                      SHA1:FA7B64A04C5989A1C9B78E83768B90384AC9ABCC
                                                                                                                                                                                                                      SHA-256:02ABCD70C31523C8C34FFAA7222629AE14B12CCD425E49FFA964A5051614691C
                                                                                                                                                                                                                      SHA-512:4126A813C6458AA1E88D57F5D6F6EB3A7B7D0DB5288173903F74557D0D63BAF2B6753E0301BD08ABED1F8BEDBBDF50CA0D326475B467201C0B649E58990428D1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict';.var ansiRegex = require('ansi-regex')();..module.exports = function (str) {..return typeof str === 'string' ? str.replace(ansiRegex, '') : str;.};.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1119
                                                                                                                                                                                                                      Entropy (8bit):5.1078795238525405
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:A12EBCA0510A773644101A99A867D210
                                                                                                                                                                                                                      SHA1:0C94F137F6E0536DB8CB2622A9DC84253B91B90C
                                                                                                                                                                                                                      SHA-256:6FB9754611C20F6649F68805E8C990E83261F29316E29DE9E6CEDAE607B8634C
                                                                                                                                                                                                                      SHA-512:AE79E7A4209A451AEF6B78F7B0B88170E7A22335126AC345522BF4EAFE0818DA5865AAE1507C5DC0224EF854548C721DF9A84371822F36D50CBCD97FA946EEE9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TO
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):658
                                                                                                                                                                                                                      Entropy (8bit):4.7594365116472535
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:62AA426528B1252BEB6AAEC2AA00C13B
                                                                                                                                                                                                                      SHA1:73DABF7C970FDC9E463EBF8A744724A633417EAB
                                                                                                                                                                                                                      SHA-256:630CD995481567858A023F77C88722AAFD373B1BFDE5CB515E37D5C312DACC8F
                                                                                                                                                                                                                      SHA-512:FDA8BFC417188FAC6F69FFC3D58194F7E7C75F0894832CA61CD43C86C01A198571B6BC622022AAEC27C0151292E2D4E1E42CB16652A1A12CCB6A17020B06C194
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "strip-ansi",. "version": "3.0.1",. "description": "Strip ANSI escape codes",. "license": "MIT",. "repository": "chalk/strip-ansi",. "author": {. "name": "Sindre Sorhus",. "email": "sindresorhus@gmail.com",. "url": "sindresorhus.com". },. "maintainers": [. "Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)",. "Joshua Boy Nicolai Appelman <joshua@jbna.nl> (jbna.nl)",. "JD Ballard <i.am.qix@gmail.com> (github.com/qix-)". ],. "engines": {. "node": ">=0.10.0". },. "files": [. "index.js". ],. "dependencies": {. "ansi-regex": "^2.0.0". },. "devDependencies": {. "ava": "*",. "xo": "*". }.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):919
                                                                                                                                                                                                                      Entropy (8bit):4.728215770459524
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:94166DF58D712C313447906A449CE710
                                                                                                                                                                                                                      SHA1:D7BF4122D5DB1404D832F2A0A1BEDD1DF234D115
                                                                                                                                                                                                                      SHA-256:88D3D6CA0696AED98CF288E99E4F56E0ED884FE11C93C89CC5868F2872315C05
                                                                                                                                                                                                                      SHA-512:AC30F9E0489F6001EAED2332DF90B0D2BC49D23F27925E5F97B2A3D54B8D6542DE9DC0B682ECA2FA9130683919596E93E9181F47134EBDCD29799D3CC5C55048
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "registry-js",. "version": "1.16.0",. "description": "A simple and opinionated library for working with the Windows registry",. "main": "dist/lib/index.js",. "typings": "dist/lib/index.d.ts",. "repository": {. "type": "git",. "url": "git+https://github.com/desktop/registry-js.git". },. "author": "",. "license": "MIT",. "homepage": "https://github.com/desktop/registry-js#readme",. "devDependencies": {. "@types/benchmark": "^1.0.31",. "@types/jest": "^26.0.13",. "@types/node": "^12.0.0",. "benchmark": "^2.1.4",. "jest": "^26.4.2",. "node-abi": "^2.21.0",. "prebuild": "^10.0.1",. "prettier": "^2.0.5",. "ts-node": "^9.0.0",. "typescript": "^3.9.0". },. "dependencies": {. "node-addon-api": "^3.1.0",. "prebuild-install": "^5.3.5". },. "binary": {. "napi_versions": [. 3. ]. },. "config": {. "runtime": "napi",. "target": 3. }.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1460
                                                                                                                                                                                                                      Entropy (8bit):5.112994396210687
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:79558839A9DB3E807E4AE6F8CD100C1C
                                                                                                                                                                                                                      SHA1:AE3DBCEE04C86FBC589FCF2547D4AAAEB41DB3C2
                                                                                                                                                                                                                      SHA-256:7686F81E580CD6774F609A2D8A41B2CEBDF79BC30E6B46C3EFFF5A656158981C
                                                                                                                                                                                                                      SHA-512:B42C93F2B097AFA6E09D79ED045B4DD293DF2C29D91DDA5DDA04084D3329B721A6AA92A6AD6714564386A7928E9AF9195AC310DEECD37A93BB04B6A6F744BE46
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Copyright (c) MapBox.All rights reserved...Redistribution and use in source and binary forms, with or without modification,.are permitted provided that the following conditions are met:..- Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer..- Redistributions in binary form must reproduce the above copyright notice, this. list of conditions and the following disclaimer in the documentation and/or. other materials provided with the distribution..- Neither the name "MapBox" nor the names of its contributors may be. used to endorse or promote products derived from this software without. specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE.DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1892864
                                                                                                                                                                                                                      Entropy (8bit):6.574493294167515
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:55C17FC28239B0E8EA873F9C9C4E2C02
                                                                                                                                                                                                                      SHA1:C1BE46FC03E63EAE5145018C1EE3E70B3AF9338F
                                                                                                                                                                                                                      SHA-256:85EC4E3BCEC60EC481CD712B4FCBE83631D5AC1E189A87B08A33E1C85F206A66
                                                                                                                                                                                                                      SHA-512:4D670CF1A2D88452B0D384044F0D0C0F83475E0844711DF5420C0CFD0567AC6B655AA75FDA81DD2F35BBE7DB6C380F0B50E3C6F1D9506096EF17F8D3A8CAB7D2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........s... ... ... ...!... ...!D.. ...!... ..!... ..!... ..!... ...!... ... ... .U.!... .U.!... .U. ... .U.!... Rich... ........PE..d......e.........." ...%.....6......,........................................@............`.........................................py.......y..(...............\............ ..4.......p...............................@...................\n..@....................text............................... ..`.rdata..^...........................@..@.data... f.......P...|..............@....pdata..\...........................@..@_RDATA..\...........................@..@.rsrc...............................@..@.reloc..4.... ......................@..B........................................................................................................................................................................................................
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1322
                                                                                                                                                                                                                      Entropy (8bit):4.269649469997749
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:0AD55AE01864DF3767D7B61678BD326E
                                                                                                                                                                                                                      SHA1:FFEDCC19095FD54F8619F00F55074F275CEDDFD6
                                                                                                                                                                                                                      SHA-256:4D65F2899FB54955218F28EC358A2CAD2C2074A7B43F862933C6A35E69AE0632
                                                                                                                                                                                                                      SHA-512:AAEE895D110D67E87ED1E8ED6557B060A0575F466A947A4F59CC9D111381E1AF6AA54D432233716C78F146168D548A726FED1EAB2B3F09BB71E0AE7F4FDC69E3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. 'variables': {. 'sqlite_version%':'3440200',. "toolset%":'',. },. 'target_defaults': {. 'default_configuration': 'Release',. 'conditions': [. [ 'toolset!=""', {. 'msbuild_toolset':'<(toolset)'. }]. ],. 'configurations': {. 'Debug': {. 'defines!': [. 'NDEBUG'. ],. 'cflags_cc!': [. '-O3',. '-Os',. '-DNDEBUG'. ],. 'xcode_settings': {. 'OTHER_CPLUSPLUSFLAGS!': [. '-O3',. '-Os',. '-DDEBUG'. ],. 'GCC_OPTIMIZATION_LEVEL': '0',. 'GCC_GENERATE_DEBUGGING_SYMBOLS': 'YES'. },. 'msvs_settings': {. 'VCCLCompilerTool': {. 'ExceptionHandling': 1, # /EHsc. }. }. },. 'Release': {. 'defines': [. 'NDEBUG'. ],. 'xcode_settings': {. 'OTHER_CPLUSPLUSFLAGS!': [. '-Os',. '-O2'. ],. 'GCC_
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):224
                                                                                                                                                                                                                      Entropy (8bit):4.702985304607579
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:F0A82A6A6043BF87899114337C67DF6C
                                                                                                                                                                                                                      SHA1:A906C146EB0A359742FF85C1D96A095BD0DD95FD
                                                                                                                                                                                                                      SHA-256:5BE353D29C0FABEA29CFD34448C196DA9506009C0B20FDE55E01D4191941DD74
                                                                                                                                                                                                                      SHA-512:D26879F890226808D9BD2644C5CA85CC339760E86B330212505706E5749464FAFAD1CB5F018C59A8F034D68D327CD3FA5234CEAC0677DE1AC9AE09039F574240
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:const tar = require("tar");.const path = require("path");.const tarball = path.resolve(process.argv[2]);.const dirname = path.resolve(process.argv[3]);..tar.extract({. sync: true,. file: tarball,. cwd: dirname,.});.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:gzip compressed data, from Unix, original size modulo 2^32 12625920
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3204841
                                                                                                                                                                                                                      Entropy (8bit):7.999490325438607
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:C02F40FD4F809CED95096250ADC5764A
                                                                                                                                                                                                                      SHA1:8398DD159F3A1FD8F1C5EDF02C687512EAAB69E4
                                                                                                                                                                                                                      SHA-256:1C6719A148BC41CF0F2BBBE3926D7CE3F5CA09D878F1246FCC20767B175BB407
                                                                                                                                                                                                                      SHA-512:59AD55DF15EB84430F5286DB2E5CEDDD6CA1FC207A6343546A365C0C1BAF20258E96C53D2AD48B50385608D03DE09A692AE834CB78A39D1A48CB36A05722E402
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3021
                                                                                                                                                                                                                      Entropy (8bit):4.679912791477012
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:0E4D1D898D697EC33A9AD8A27F0483BF
                                                                                                                                                                                                                      SHA1:1505F707A17F35723CD268744C189D8DF47BB3A3
                                                                                                                                                                                                                      SHA-256:8793F62B1133892BA376D18A15F552EF12B1E016F7E5DF32FFB7279B760C11BD
                                                                                                                                                                                                                      SHA-512:C530ABA70E5555A27D547562D8B826B186540068AF9B4CCD01483EC39F083A991AC11D0CC66F40ACAA8B03D774080F227EE705A38995F356A14ABE6E5F97B545
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. 'includes': [ 'common-sqlite.gypi' ],.. 'variables': {. 'sqlite_magic%': '',. },.. 'target_defaults': {. 'default_configuration': 'Release',. 'cflags':[. '-std=c99'. ],. 'configurations': {. 'Debug': {. 'defines': [ 'DEBUG', '_DEBUG' ],. 'msvs_settings': {. 'VCCLCompilerTool': {. 'RuntimeLibrary': 1, # static debug. },. },. },. 'Release': {. 'defines': [ 'NDEBUG' ],. 'msvs_settings': {. 'VCCLCompilerTool': {. 'RuntimeLibrary': 0, # static release. },. },. }. },. 'msvs_settings': {. 'VCCLCompilerTool': {. },. 'VCLibrarianTool': {. },. 'VCLinkerTool': {. 'GenerateDebugInformation': 'true',. },. },. 'conditions': [. ['OS == "win"', {. 'defines': [. 'WIN32'. ],. }]. ],. },.. 'targets': [. {. 'target_name': 'action_before_build',. 'type': 'none',.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):59
                                                                                                                                                                                                                      Entropy (8bit):4.439231872095227
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:8582B2DCAED9C5A6F3B7CFE150545254
                                                                                                                                                                                                                      SHA1:14667874E0BFBE4FFC951F3E4BEC7C5CF44E5A81
                                                                                                                                                                                                                      SHA-256:762C7A74D7F92860A3873487B68E89F654A21D2AAEAE9524EAB5DE9C65E66A9C
                                                                                                                                                                                                                      SHA-512:22EC4DF7697322B23AE2E73C692ED5C925D50FDE2B7E72BFC2D5DD873E2DA51834B920DEA7C67CCA5733E8A3F5E603805762E8BE238C651AA40290452843411D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:module.exports = require('bindings')('node_sqlite3.node');.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):6365
                                                                                                                                                                                                                      Entropy (8bit):4.5893883775756406
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:275019A4199A84CFD18ABD0F1AE497AA
                                                                                                                                                                                                                      SHA1:8601683F9B6206E525E4A087A7CCA40D07828FD8
                                                                                                                                                                                                                      SHA-256:8D6B400AE7F69A80D0CDD37A968D7B9A913661FA53475E5B8DE49DDA21684973
                                                                                                                                                                                                                      SHA-512:6422249CCD710973F15D1242A8156D98FA8BDEA820012DF669E5363C50C5D8492D21FFEFCDFA05B46C3C18033DDE30F03349E880A4943FEDA8D1EE3C00F952B0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:const path = require('path');.const sqlite3 = require('./sqlite3-binding.js');.const EventEmitter = require('events').EventEmitter;.module.exports = exports = sqlite3;..function normalizeMethod (fn) {. return function (sql) {. let errBack;. const args = Array.prototype.slice.call(arguments, 1);.. if (typeof args[args.length - 1] === 'function') {. const callback = args[args.length - 1];. errBack = function(err) {. if (err) {. callback(err);. }. };. }. const statement = new Statement(this, sql, errBack);. return fn.call(this, statement, args);. };.}..function inherits(target, source) {. for (const k in source.prototype). target.prototype[k] = source.prototype[k];.}..sqlite3.cached = {. Database: function(file, a, b) {. if (file === '' || file === ':memory:') {. // Don't cache special databases.. return new Database(fi
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1357
                                                                                                                                                                                                                      Entropy (8bit):4.369532219363835
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E5C2DE3C74BC66D4906BB34591859A5F
                                                                                                                                                                                                                      SHA1:37EC527D9798D43898108080506126B4146334E7
                                                                                                                                                                                                                      SHA-256:D06CAEC6136120C6FB7EE3681B1CA949E8B634E747EA8D3080C90F35AEB7728F
                                                                                                                                                                                                                      SHA-512:E250E53DAE618929CBF3CB2F1084A105D3A78BDFB6BB29E290F63A1FD5FBB5B2FAB934AD16BC285E245D749A90C84BDC72FDC1A77AF912B7356C18B0B197FBE5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:// Inspired by https://github.com/tlrobinson/long-stack-traces.const util = require('util');..function extendTrace(object, property, pos) {. const old = object[property];. object[property] = function() {. const error = new Error();. const name = object.constructor.name + '#' + property + '(' +. Array.prototype.slice.call(arguments).map(function(el) {. return util.inspect(el, false, 0);. }).join(', ') + ')';.. if (typeof pos === 'undefined') pos = -1;. if (pos < 0) pos += arguments.length;. const cb = arguments[pos];. if (typeof arguments[pos] === 'function') {. arguments[pos] = function replacement() {. const err = arguments[0];. if (err && err.stack && !err.__augmented) {. err.stack = filter(err).join('\n');. err.stack += '\n--> in ' + name;. err.stack += '\n' + filter(error).slice(1).join('\n');.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (460)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1150
                                                                                                                                                                                                                      Entropy (8bit):5.128918748605585
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:FC3FF1120869BE6B3CCE17F9A06BFE2E
                                                                                                                                                                                                                      SHA1:59CBD579B31F0C6932DEAF31D0181203C501C9B1
                                                                                                                                                                                                                      SHA-256:89024017B88A9F2B763F79B941A4F2DB3B4428EDFCACDC0B23866B2DA633AD0C
                                                                                                                                                                                                                      SHA-512:54481C328231787E3319E8678B56B0C898BB6D7B1302A7C74320060116FC03A6D747D02DF068BBA7960A71A78608F3A5B40A3E110BAE107D41BB40988D8FC2B2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) 2017 [Node.js API collaborators](https://github.com/nodejs/node-addon-api#collaborators)..Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETH
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):724
                                                                                                                                                                                                                      Entropy (8bit):5.176944134630747
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:3B40C0A5CB6A8389C9A2CB3F25282D7A
                                                                                                                                                                                                                      SHA1:7A3C3551EC4D896D96E5ADB31606367BF4D4011C
                                                                                                                                                                                                                      SHA-256:60083CA8544CFEE3B47CE2AE1FAF394DA40BF24722AD4FB7828EB9598E8101D6
                                                                                                                                                                                                                      SHA-512:F05C7CE5558731CE30CA17EF1B952DCF15C54641B784E09EC4272150041016B5B016845B36B337C84B63A63A8F8937CB61D3A07ACD2D9DC7E74E4DC258614E89
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. 'variables': {. 'NAPI_VERSION%': "<!(node -p \"process.env.NAPI_VERSION || process.versions.napi\")",. 'disable_deprecated': "<!(node -p \"process.env['npm_config_disable_deprecated']\")". },. 'conditions': [. ['NAPI_VERSION!=""', { 'defines': ['NAPI_VERSION=<@(NAPI_VERSION)'] } ],. ['disable_deprecated=="true"', {. 'defines': ['NODE_ADDON_API_DISABLE_DEPRECATED']. }],. ['OS=="mac"', {. 'cflags+': ['-fvisibility=hidden'],. 'xcode_settings': {. 'OTHER_CFLAGS': ['-fvisibility=hidden']. }. }]. ],. 'cflags': [ '-Werror', '-Wall', '-Wextra', '-Wpedantic', '-Wunused-parameter' ],. 'cflags_cc': [ '-Werror', '-Wall', '-Wextra', '-Wpedantic', '-Wunused-parameter' ].}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):560
                                                                                                                                                                                                                      Entropy (8bit):4.74785336192161
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:1FE1FF8CA630AC3F8A8B9C4AC7E08AAD
                                                                                                                                                                                                                      SHA1:5D5716C9CAC44EEB2D911CCE7DC68F32BF49D47C
                                                                                                                                                                                                                      SHA-256:DDBC09F5B66FE24DD898FBE659085A6FF72E9575025004FC3762271DBA781E8B
                                                                                                                                                                                                                      SHA-512:F34EABBB5C9539EC64F9470754783E8D2AD004F2F1613DDF2A4E7CBF2D3E0427496B60ACB3D2E0CE03D68E38117351E88EF1D2A9123659A0556F0A3D0DFF50A7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. 'defines': [ 'NAPI_CPP_EXCEPTIONS' ],. 'cflags!': [ '-fno-exceptions' ],. 'cflags_cc!': [ '-fno-exceptions' ],. 'conditions': [. ["OS=='win'", {. "defines": [. "_HAS_EXCEPTIONS=1". ],. "msvs_settings": {. "VCCLCompilerTool": {. "ExceptionHandling": 1,. 'EnablePREfast': 'true',. },. },. }],. ["OS=='mac'", {. 'xcode_settings': {. 'GCC_ENABLE_CPP_EXCEPTIONS': 'YES',. 'CLANG_CXX_LIBRARY': 'libc++',. 'MACOSX_DEPLOYMENT_TARGET': '10.7',. },. }],. ],.}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):377
                                                                                                                                                                                                                      Entropy (8bit):4.875137951099572
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:76046A66F40449026E5B595AD0424518
                                                                                                                                                                                                                      SHA1:11A716C723F52E55494C0F1FC48DFCFAE23A848F
                                                                                                                                                                                                                      SHA-256:BE71328F325CF541F37704A644E53CD04AF1B69BC119B39733D64589E64DFFDB
                                                                                                                                                                                                                      SHA-512:ECF086016A9B06F9970D919E3AEAA138BD8311F86AB93999B9487E8B1BF124BFBFE0D856AAED1C01601DF85C6FED13B2E640D05C14A148010B03049BE10F3883
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:const path = require('path');..const includeDir = path.relative('.', __dirname);..module.exports = {. include: `"${__dirname}"`, // deprecated, can be removed as part of 4.0.0. include_dir: includeDir,. gyp: path.join(includeDir, 'node_api.gyp:nothing'), // deprecated.. targets: path.join(includeDir, 'node_addon_api.gyp'),. isNodeApiBuiltin: true,. needsFlag: false.};.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C++ source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):6323
                                                                                                                                                                                                                      Entropy (8bit):4.324246293418274
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:AFA451C950B59BF34189CF627881FC38
                                                                                                                                                                                                                      SHA1:F420000CB09F5546BD8F04D69C9736F6511AC46E
                                                                                                                                                                                                                      SHA-256:B66ED1E565E735BBFABCC2F72D466AB7C5414D3EF8851D1AF440B81BE7F2375C
                                                                                                                                                                                                                      SHA-512:3B85FC0BB429FF1519B697BF7B543E8265224BB9027CEB6A947BDF6108DFF56DF797D911E6F42F74664AE9AF798B060BEC1B081065EBE67286725F22445388D6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:#ifndef SRC_NAPI_INL_DEPRECATED_H_.#define SRC_NAPI_INL_DEPRECATED_H_..////////////////////////////////////////////////////////////////////////////////.// PropertyDescriptor class.////////////////////////////////////////////////////////////////////////////////..template <typename Getter>.inline PropertyDescriptor PropertyDescriptor::Accessor(. const char* utf8name,. Getter getter,. napi_property_attributes attributes,. void* /*data*/) {. using CbData = details::CallbackData<Getter, Napi::Value>;. // TODO: Delete when the function is destroyed. auto callbackData = new CbData({getter, nullptr});.. return PropertyDescriptor({utf8name,. nullptr,. nullptr,. CbData::Wrapper,. nullptr,. nullptr,. attributes,. callbackData});.}..template <typename Getter>.inline PropertyDescriptor Prop
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C++ source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):219411
                                                                                                                                                                                                                      Entropy (8bit):4.936498759320801
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:EEABF0F97BC38EF266CA00C3AE93C65A
                                                                                                                                                                                                                      SHA1:B5E210F136E169374FA1A421896EF3D9AE57865C
                                                                                                                                                                                                                      SHA-256:4B053C184DFED740FBD802FDCF97E85FB8C7B0EB1D83322000D932D31662EDA7
                                                                                                                                                                                                                      SHA-512:AFDEBB4991BA10FC668C5BCA74AF6E012BAEBA5729169B18FE439FBE85DDAEBF27F9AC89B0459C403595577121246234F2D09A2C9199E5E980812CA61E46EBC7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:#ifndef SRC_NAPI_INL_H_.#define SRC_NAPI_INL_H_..////////////////////////////////////////////////////////////////////////////////.// Node-API C++ Wrapper Classes.//.// Inline header-only implementations for "Node-API" ABI-stable C APIs for.// Node.js..////////////////////////////////////////////////////////////////////////////////..// Note: Do not include this file directly! Include "napi.h" instead...#include <algorithm>.#include <cstring>.#if NAPI_HAS_THREADS.#include <mutex>.#endif // NAPI_HAS_THREADS.#include <type_traits>.#include <utility>..namespace Napi {..#ifdef NAPI_CPP_CUSTOM_NAMESPACE.namespace NAPI_CPP_CUSTOM_NAMESPACE {.#endif..// Helpers to handle functions exposed from C++ and internal constants..namespace details {..// New napi_status constants not yet available in all supported versions of.// Node.js releases. Only necessary when they are used in napi.h and napi-inl.h..constexpr int napi_no_external_buffers_allowed = 22;..template <typename FreeType>.inline void defa
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C++ source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):115423
                                                                                                                                                                                                                      Entropy (8bit):4.8106882141048875
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:7E2699EFB1E4ADFC553C568FAF7E8684
                                                                                                                                                                                                                      SHA1:A7E78CAFB8E4360AC8DD95D7F1D8AA79029C6511
                                                                                                                                                                                                                      SHA-256:2F2F5D1E4CA96F315C51AD96C292C18294DBB999B98F8B2F33B80816A3189FB0
                                                                                                                                                                                                                      SHA-512:F102BA1E882A850F8229F88AA115E115ED2F73DE00DF5CBFCCF2C81969DA8A40C26B06DABAB636F2FBA6260BA0A4DCC928EC9DC06E7870978F3C67DE3C60A578
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:#ifndef SRC_NAPI_H_.#define SRC_NAPI_H_..#ifndef NAPI_HAS_THREADS.#if !defined(__wasm__) || (defined(__EMSCRIPTEN_PTHREADS__) || \. (defined(__wasi__) && defined(_REENTRANT))).#define NAPI_HAS_THREADS 1.#else.#define NAPI_HAS_THREADS 0.#endif.#endif..#include <node_api.h>.#include <functional>.#include <initializer_list>.#include <memory>.#if NAPI_HAS_THREADS.#include <mutex>.#endif // NAPI_HAS_THREADS.#include <string>.#include <vector>..// VS2015 RTM has bugs with constexpr, so require min of VS2015 Update 3 (known.// good version).#if !defined(_MSC_VER) || _MSC_FULL_VER >= 190024210.#define NAPI_HAS_CONSTEXPR 1.#endif..// VS2013 does not support char16_t literal strings, so we'll work around it.// using wchar_t strings and casting them. This is safe as long as the character.// sizes are the same..#if defined(_MSC_VER) && _MSC_VER <= 1800.static_assert(sizeof(char16_t) == sizeof(wchar_t),. "Size mismatch between char16_t and wch
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):793
                                                                                                                                                                                                                      Entropy (8bit):4.268400332144667
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:11A027235C92C4253B61B1B7595FF761
                                                                                                                                                                                                                      SHA1:F44CC4179B8B5AEBF5C8160F3C317ABCA62F658B
                                                                                                                                                                                                                      SHA-256:A1F080CA22F191902D118BC2A169984A9E761AF091CA6D0EA456197BF7B6543C
                                                                                                                                                                                                                      SHA-512:4386611FD3BDCC9CD041E17A6B5B7939C13F75733F3D2B56FBCB8A5C37D431C28139E680B5AAF78D1956FED965630F72364E4A51F9F57247784BE9FB33383CEF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. 'targets': [. {. 'target_name': 'node_addon_api',. 'type': 'none',. 'sources': [ 'napi.h', 'napi-inl.h' ],. 'direct_dependent_settings': {. 'include_dirs': [ '.' ],. 'includes': ['noexcept.gypi'],. }. },. {. 'target_name': 'node_addon_api_except',. 'type': 'none',. 'sources': [ 'napi.h', 'napi-inl.h' ],. 'direct_dependent_settings': {. 'include_dirs': [ '.' ],. 'includes': ['except.gypi'],. }. },. {. 'target_name': 'node_addon_api_maybe',. 'type': 'none',. 'sources': [ 'napi.h', 'napi-inl.h' ],. 'direct_dependent_settings': {. 'include_dirs': [ '.' ],. 'includes': ['noexcept.gypi'],. 'defines': ['NODE_ADDON_API_ENABLE_MAYBE']. }. },. ].}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):132
                                                                                                                                                                                                                      Entropy (8bit):4.010854302019321
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:FCEC1557AC47891385AE1F67E6DA343A
                                                                                                                                                                                                                      SHA1:E361D3A3BE19E802820F2FE59BFDF7C9EF72FC74
                                                                                                                                                                                                                      SHA-256:3CD2C44FB0974F016376B676D46BBEBBCA7C89D4383B09ECE30E4CB4122A1499
                                                                                                                                                                                                                      SHA-512:43715845F701ABDC09FE59D33E3F61E19278ABBACB122EDAF1B26DE55BD80B3354B76D5616905C8038EB6158C3399162B40A73742B7E4C733B3AC187E9DB0AA3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. 'targets': [. {. 'target_name': 'nothing',. 'type': 'static_library',. 'sources': [ 'nothing.c' ]. }. ].}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):639
                                                                                                                                                                                                                      Entropy (8bit):4.818477314989795
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:D75852A9F1E16B44A8E8D568CD2CEF04
                                                                                                                                                                                                                      SHA1:4BF93F1EF3E5875CC40632CF229DEA170C8F03B3
                                                                                                                                                                                                                      SHA-256:494060B87197C489497A038504147C435B1D09306152048ADD42BA0D7D16E747
                                                                                                                                                                                                                      SHA-512:857923151649B77E35C0D1A4F3191FE65463AB2FB5746256692F96F8DC810A9E40EEFA85EAA8141AFED49DD896F7CB58E2EB4893F94B40E4259718C50B93074C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. 'defines': [ 'NAPI_DISABLE_CPP_EXCEPTIONS' ],. 'cflags': [ '-fno-exceptions' ],. 'cflags_cc': [ '-fno-exceptions' ],. 'conditions': [. ["OS=='win'", {. # _HAS_EXCEPTIONS is already defined and set to 0 in common.gypi. #"defines": [. # "_HAS_EXCEPTIONS=0". #],. "msvs_settings": {. "VCCLCompilerTool": {. 'ExceptionHandling': 0,. 'EnablePREfast': 'true',. },. },. }],. ["OS=='mac'", {. 'xcode_settings': {. 'CLANG_CXX_LIBRARY': 'libc++',. 'MACOSX_DEPLOYMENT_TARGET': '10.7',. 'GCC_ENABLE_CPP_EXCEPTIONS': 'NO',. },. }],. ],.}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):467
                                                                                                                                                                                                                      Entropy (8bit):4.019589958784576
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:33E3FB94807BCD5102535F476C6A46A8
                                                                                                                                                                                                                      SHA1:DEDC07E9973F104E29D2EEE9AD3468B0F40DD620
                                                                                                                                                                                                                      SHA-256:B1CB7DA23CCA1681C7392A3C889EB0CC4916C53D2D7692D4B654AE751F3442F3
                                                                                                                                                                                                                      SHA-512:BBC762C8886EC78FD889B46ABFD9F9ACA7F5D2CADBF9676F6A010026D4056CAA076516380B3C0737C61962E8BB5B0555095DD0386C99D9DA773C200CFA130755
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "versions": [. {. "version": "*",. "target": {. "node": "active". },. "response": {. "type": "time-permitting",. "paid": false,. "contact": {. "name": "node-addon-api team",. "url": "https://github.com/nodejs/node-addon-api/issues". }. },. "backing": [ { "project": "https://github.com/nodejs" },. { "foundation": "https://openjsf.org/" }. ]. }. ].}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):928
                                                                                                                                                                                                                      Entropy (8bit):4.802440839392239
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:CFFD26F7951AA53579CDCB8684C8173C
                                                                                                                                                                                                                      SHA1:AB930E4C9613A991EC650C99BD2DE1F6225E2D8C
                                                                                                                                                                                                                      SHA-256:E9E737176E64BC99A3AABA4300AABEDEA056FC44F4D7F2B3C12943A2FC0A21C3
                                                                                                                                                                                                                      SHA-512:44112630E6E4A9FD72BF0A4188FAAE3E241A69DFBE41C4F0DB58F43FC78822F080F39166C7A9AC0E136D4F325E3FEA653E8AD87C5039FED747F5BEED6D64373B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "description": "Node.js API (Node-API)",. "devDependencies": {. "benchmark": "^2.1.4",. "bindings": "^1.5.0",. "clang-format": "^1.4.0",. "eslint": "^7.32.0",. "eslint-config-semistandard": "^16.0.0",. "eslint-config-standard": "^16.0.3",. "eslint-plugin-import": "^2.24.2",. "eslint-plugin-node": "^11.1.0",. "eslint-plugin-promise": "^5.1.0",. "fs-extra": "^11.1.1",. "path": "^0.12.7",. "pre-commit": "^1.2.2",. "safe-buffer": "^5.1.1". },. "directories": {},. "gypfile": false,. "homepage": "https://github.com/nodejs/node-addon-api",. "license": "MIT",. "main": "index.js",. "name": "node-addon-api",. "readme": "README.md",. "repository": {. "type": "git",. "url": "git://github.com/nodejs/node-addon-api.git". },. "files": [. "*.{c,h,gyp,gypi}",. "package-support.json",. "tools/". ],. "pre-commit": "lint",. "version": "7.1.1",. "support": true.}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (339)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3217
                                                                                                                                                                                                                      Entropy (8bit):4.926428555338531
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:34143C24D232AC62205EC0B7601CB109
                                                                                                                                                                                                                      SHA1:3DECBDEED6F0C742925A5BE9B78F5251A4C0B569
                                                                                                                                                                                                                      SHA-256:65E9EA918538F453166B10A1D609CF44CEC3D2D01F23FECB5265FB3A4BF303D5
                                                                                                                                                                                                                      SHA-512:07DAD1D9C5C618AFC5FE2B8183EA40DB0CD736E0600BA8BDE4F38DB726D85E277C460140EF312C91A748A208FFA72283BE01A224F976F3421F144A2977EA4B2F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:# Tools..## clang-format..The clang-format checking tools is designed to check changed lines of code compared to given git-refs...## Migration Script..The migration tool is designed to reduce repetitive work in the migration process. However, the script is not aiming to convert every thing for you. There are usually some small fixes and major reconstruction required...### How To Use..To run the conversion script, first make sure you have the latest `node-addon-api` in your `node_modules` directory..```.npm install node-addon-api.```..Then run the script passing your project directory.```.node ./node_modules/node-addon-api/tools/conversion.js ./.```..After finish, recompile and debug things that are missed by the script....### Quick Fixes.Here is the list of things that can be fixed easily.. 1. Change your methods' return value to void if it doesn't return value to JavaScript.. 2. Use `.` to access attribute or to invoke member function in Napi::Object instead of `->`.. 3. `Napi::New
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3176
                                                                                                                                                                                                                      Entropy (8bit):4.715168207401501
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:30DFFF807DD17DB0A258056B727BCC78
                                                                                                                                                                                                                      SHA1:FAA0140EF82603F8BCFA99923F88D7787C3F51C0
                                                                                                                                                                                                                      SHA-256:9E1207808023CD998FE9E377AEFBE77D6C59FA129F94E6ACBF24907149D8C11E
                                                                                                                                                                                                                      SHA-512:6C825B5B28224007EFD005CBF65FFDB52F20400C9C80A2FE45BED375CE8862A656A30367E531315BEBC7D687C7FA35433E65975EB90DD404B42DC9C3B1152AE4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict';.// Descend into a directory structure and, for each file matching *.node, output.// based on the imports found in the file whether it's an N-API module or not...const fs = require('fs');.const path = require('path');..// Read the output of the command, break it into lines, and use the reducer to.// decide whether the file is an N-API module or not..function checkFile (file, command, argv, reducer) {. const child = require('child_process').spawn(command, argv, {. stdio: ['inherit', 'pipe', 'inherit']. });. let leftover = '';. let isNapi;. child.stdout.on('data', (chunk) => {. if (isNapi === undefined) {. chunk = (leftover + chunk.toString()).split(/[\r\n]+/);. leftover = chunk.pop();. isNapi = chunk.reduce(reducer, isNapi);. if (isNapi !== undefined) {. child.kill();. }. }. });. child.on('close', (code, signal) => {. if ((code === null && signal !== null) || (code !== 0)) {. console.log(. command + ' exited wit
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2002
                                                                                                                                                                                                                      Entropy (8bit):4.949399364905905
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E549F9E10D94D3D9C2EF12EC461B2F79
                                                                                                                                                                                                                      SHA1:599BF11EB9272E54371B35255C68F7999FE52985
                                                                                                                                                                                                                      SHA-256:3E0B5E6D6F1A0C5ED106115871D0FD48F37BAC5554EFFDACAF8D2439F4ED0C65
                                                                                                                                                                                                                      SHA-512:FBEFE82DFC7EA9E1E13A534348145F26A5395EE0E79B1FAC445D8DB8F9C137CC80B6DE2973D22FE33906B6E166FB65E564A12235AD8DE0E4773193256E5A66D2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:#!/usr/bin/env node..const spawn = require('child_process').spawnSync;.const path = require('path');..const filesToCheck = ['*.h', '*.cc'];.const FORMAT_START = process.env.FORMAT_START || 'main';..function main (args) {. let fix = false;. while (args.length > 0) {. switch (args[0]) {. case '-f':. case '--fix':. fix = true;. break;. default:. }. args.shift();. }.. const clangFormatPath = path.dirname(require.resolve('clang-format'));. const binary = process.platform === 'win32'. ? 'node_modules\\.bin\\clang-format.cmd'. : 'node_modules/.bin/clang-format';. const options = ['--binary=' + binary, '--style=file'];. if (fix) {. options.push(FORMAT_START);. } else {. options.push('--diff', FORMAT_START);. }.. const gitClangFormatPath = path.join(clangFormatPath, 'bin/git-clang-format');. const result = spawn(. 'python',. [gitClangFormatPath, ...options, '--', ...filesToCheck],. { encoding: 'utf-8' }. );.. if (result.std
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:a /usr/bin/env node script, ASCII text executable, with very long lines (450)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15013
                                                                                                                                                                                                                      Entropy (8bit):5.554404836968548
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:D021B061D75659901614E8C6F87AA6C0
                                                                                                                                                                                                                      SHA1:9B916186796D7E77C067DA569FDB4F58DEAFBFD5
                                                                                                                                                                                                                      SHA-256:E089CBAD94331AD07DFB103B5D5AAFAAF99FBA89E9674D64F4F35E9DFC432357
                                                                                                                                                                                                                      SHA-512:B0E361924E70C86FAFD657D4D36F9006187B9F88DC9B1D09ACDEC1D88DA6D4E3006892DD2409E500BC538864685DF5ACEA6509DA05AC8A020659CBBF4BA60266
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:#! /usr/bin/env node..'use strict';..const fs = require('fs');.const path = require('path');..const args = process.argv.slice(2);.const dir = args[0];.if (!dir) {. console.log('Usage: node ' + path.basename(__filename) + ' <target-dir>');. process.exit(1);.}..const NodeApiVersion = require('../package.json').version;..const disable = args[1];.let ConfigFileOperations;.if (disable !== '--disable' && dir !== '--disable') {. ConfigFileOperations = {. 'package.json': [. [/([ ]*)"dependencies": {/g, '$1"dependencies": {\n$1 "node-addon-api": "' + NodeApiVersion + '",'],. [/[ ]*"nan": *"[^"]+"(,|)[\n\r]/g, '']. ],. 'binding.gyp': [. [/([ ]*)'include_dirs': \[/g, '$1\'include_dirs\': [\n$1 \'<!(node -p "require(\\\'node-addon-api\\\').include_dir")\','],. [/([ ]*)"include_dirs": \[/g, '$1"include_dirs": [\n$1 "<!(node -p \\"require(\'node-addon-api\').include_dir\\")",'],. [/[ ]*("|')<!\(node -e ("|'|\\"|\\')require\(("|'|\\"|\\')nan("|'|\\"|\\')\)("|'|
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2071
                                                                                                                                                                                                                      Entropy (8bit):5.018331604537307
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:25B89785C5ACDBB07279914A4E320F96
                                                                                                                                                                                                                      SHA1:C98E334CE1333889E348BBE75864C1713026F3CF
                                                                                                                                                                                                                      SHA-256:BEFBDA4868248093B1F5E4307D28F412D12FA16929CD0C07F5E2575E2635646D
                                                                                                                                                                                                                      SHA-512:9D8D0847FAC664ED450175F0F792256F3FFEA701DB5B737453B3D96B963C8E3A54F68DFF54C91E73094A6488772561A4A343D2BDA92B5625C1F43CEF2DEE9457
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:#!/usr/bin/env node..const spawn = require('child_process').spawnSync;..const filesToCheck = '*.js';.const FORMAT_START = process.env.FORMAT_START || 'main';.const IS_WIN = process.platform === 'win32';.const ESLINT_PATH = IS_WIN ? 'node_modules\\.bin\\eslint.cmd' : 'node_modules/.bin/eslint';..function main (args) {. let fix = false;. while (args.length > 0) {. switch (args[0]) {. case '-f':. case '--fix':. fix = true;. break;. default:. }. args.shift();. }.. // Check js files that change on unstaged file. const fileUnStaged = spawn(. 'git',. ['diff', '--name-only', '--diff-filter=d', FORMAT_START, filesToCheck],. {. encoding: 'utf-8'. }. );.. // Check js files that change on staged file. const fileStaged = spawn(. 'git',. ['diff', '--name-only', '--cached', '--diff-filter=d', FORMAT_START, filesToCheck],. {. encoding: 'utf-8'. }. );.. const options = [. ...fileStaged.stdout.split('\n').filter((f) =>
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1086
                                                                                                                                                                                                                      Entropy (8bit):4.663172967095987
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:86945DBFC336D6569A0FD76774951B63
                                                                                                                                                                                                                      SHA1:09D4D570F18A284AF5B8EF54E11161F03449632E
                                                                                                                                                                                                                      SHA-256:5550921902D3DFD9F197EFF2F01413E33F8D998B463DEC0E2655AF07E9E4B290
                                                                                                                                                                                                                      SHA-512:1CB4E37612018BF13AEDBA6B26103A34CDDF504EEAE3B8F64BFD5D0682838983AAA6310620944BA009CFBC448143449D6808C4122ED377B1BA16E639D0D7BEC7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "sqlite3",. "description": "Asynchronous, non-blocking SQLite3 bindings",. "version": "5.1.7-rc.0",. "homepage": "https://github.com/TryGhost/node-sqlite3",. "author": {. "name": "Mapbox",. "url": "https://mapbox.com/". },. "binary": {. "napi_versions": [. 3,. 6. ]. },. "files": [. "binding.gyp",. "deps/",. "lib/*.js",. "lib/*.d.ts",. "src/". ],. "repository": {. "type": "git",. "url": "https://github.com/TryGhost/node-sqlite3.git". },. "dependencies": {. "bindings": "^1.5.0",. "node-addon-api": "^7.0.0",. "prebuild-install": "^7.1.1",. "tar": "^6.1.11". },. "devDependencies": {. "eslint": "8.56.0",. "mocha": "10.2.0",. "prebuild": "12.1.0". },. "peerDependencies": {. "node-gyp": "8.x". },. "peerDependenciesMeta": {. "node-gyp": {. "optional": true. }. },. "optionalDependencies": {. "node-gyp": "8.x". },. "license": "BSD-3-Clause",. "main": "./lib/sqlite3",. "types": "./
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C++ source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1898
                                                                                                                                                                                                                      Entropy (8bit):4.930561121765868
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E8C5E5C02D87E6AF4455FF2C59C3588B
                                                                                                                                                                                                                      SHA1:A0DE928C621BB9A71BA9CF002E0F0726E4DB7C0E
                                                                                                                                                                                                                      SHA-256:CCE55C56B41CB493EBD43B232FF8FFC9F5A180F5BAB2D10372ECA6780EB105F6
                                                                                                                                                                                                                      SHA-512:ED96889E0D1D5263FB8FED7A4966905B9812C007FBB04B733CADBE84EDC7179015B9967FF5F48816FF2C97ACF4A5B4792A35CEE1F8FCE23E5FDC797F8EE0C762
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:#ifndef NODE_SQLITE3_SRC_ASYNC_H.#define NODE_SQLITE3_SRC_ASYNC_H..#include <napi.h>.#include <uv.h>..#include "threading.h"..// Generic uv_async handler..template <class Item, class Parent> class Async {. typedef void (*Callback)(Parent* parent, Item* item);..protected:. uv_async_t watcher;. NODE_SQLITE3_MUTEX_t. std::vector<Item*> data;. Callback callback;.public:. Parent* parent;..public:. Async(Parent* parent_, Callback cb_). : callback(cb_), parent(parent_) {. watcher.data = this;. NODE_SQLITE3_MUTEX_INIT. uv_loop_t *loop;. napi_get_uv_event_loop(parent_->Env(), &loop);. uv_async_init(loop, &watcher, reinterpret_cast<uv_async_cb>(listener));. }.. static void listener(uv_async_t* handle) {. auto* async = static_cast<Async*>(handle->data);. std::vector<Item*> rows;. NODE_SQLITE3_MUTEX_LOCK(&async->mutex). rows.swap(async->data);. NODE_SQLITE3_MUTEX_UNLOCK(&async->mutex). fo
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C++ source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):6882
                                                                                                                                                                                                                      Entropy (8bit):4.879154935574395
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:29DD2FCA11A4E0776C49140ECAC95CE9
                                                                                                                                                                                                                      SHA1:837CFBC391C7FAAD304E745FC48AE9693AFAF433
                                                                                                                                                                                                                      SHA-256:556BA9AF78010F41BC6B5B806743DC728BC181934BF8A7C6E5D606F9B8C7A2E9
                                                                                                                                                                                                                      SHA-512:5785667B9C49D4F4320022C98E0567A412B48A790C99569261C12B8738BDE0B4949D3998E2B375540EDE2FF1D861CAD859780ADE796B71D4D1D692E1ED449021
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:#ifndef NODE_SQLITE3_SRC_BACKUP_H.#define NODE_SQLITE3_SRC_BACKUP_H..#include "database.h"..#include <string>.#include <queue>.#include <set>..#include <sqlite3.h>.#include <napi.h>..using namespace Napi;..namespace node_sqlite3 {../**. *. * A class for managing an sqlite3_backup object. For consistency. * with other node-sqlite3 classes, it maintains an internal queue. * of calls.. *. * Intended usage from node:. *. * var db = new sqlite3.Database('live.db');. * var backup = db.backup('backup.db');. * .... * // in event loop, move backup forward when we have time.. * if (backup.idle) { backup.step(NPAGES); }. * if (backup.completed) { ... success ... }. * if (backup.failed) { ... sadness ... }. * // do other work in event loop - fine to modify live.db. * .... *. * Here is how sqlite's backup api is exposed:. *. * - `sqlite3_backup_init`: This is implemented as. * `db.backup(filename, [callback])` or. * `db.backup(filename, destDbName, sourceDbName, file
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C++ source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5152
                                                                                                                                                                                                                      Entropy (8bit):4.827269492024068
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:DE31AB62B7068AEA6CFFB22B54A435BB
                                                                                                                                                                                                                      SHA1:7FD98864C970CAA9C60CFC4CE1E77D736B5B5231
                                                                                                                                                                                                                      SHA-256:8521F458B206ED8F9BF79E2BD869DA0A35054B4BE44D6EA8C371DB207ECCB283
                                                                                                                                                                                                                      SHA-512:598491103564B024012DA39AC31F54CF39F10DA789CD5B17AF44E93042D9526B9FFD4867112C5F9755CB4ADA398BF5429F01DDA6C1BBC5137BEA545C3C88453B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:.#ifndef NODE_SQLITE3_SRC_DATABASE_H.#define NODE_SQLITE3_SRC_DATABASE_H...#include <assert.h>.#include <string>.#include <queue>..#include <sqlite3.h>.#include <napi.h>..#include "async.h"..using namespace Napi;..namespace node_sqlite3 {..class Database;...class Database : public Napi::ObjectWrap<Database> {.public:.#if NAPI_VERSION < 6. static Napi::FunctionReference constructor;.#endif. static Napi::Object Init(Napi::Env env, Napi::Object exports);.. static inline bool HasInstance(Napi::Value val) {. auto env = val.Env();. Napi::HandleScope scope(env);. if (!val.IsObject()) return false;. auto obj = val.As<Napi::Object>();.#if NAPI_VERSION < 6. return obj.InstanceOf(constructor.Value());.#else. auto constructor =. env.GetInstanceData<Napi::FunctionReference>();. return obj.InstanceOf(constructor->Value());.#endif. }.. struct Baton {. napi_async_work request = NULL;. Database* db;. Napi::F
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):861
                                                                                                                                                                                                                      Entropy (8bit):5.4548154843713075
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:55A9165C6720727B6EC6CB815B026DEB
                                                                                                                                                                                                                      SHA1:E737E117BDEFA5838834F342D2C51E8009011008
                                                                                                                                                                                                                      SHA-256:9D4264BB1DCBEF8D927BB3A1809A01B0B89D726C217CEE99EA9CCFDC7D456B6F
                                                                                                                                                                                                                      SHA-512:79ED80377BFB576F695F271ED5200BB975F2546110267D264F0AB917F56C26ABF6D3385878285FE3E378B254AF99B59BDB8BBCAB7427788C90A0460EB2EE5B77
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:// http://web.archive.org/web/20140401031018/http://rjpower9000.wordpress.com:80/2012/04/09/fun-with-shared-libraries-version-glibc_2-14-not-found/..#if defined(__linux__)..#define _GNU_SOURCE.#include <features.h>.#undef _GNU_SOURCE..#if defined(__USE_GNU)..#if defined(__x86_64__).__asm__(".symver memcpy,memcpy@GLIBC_2.2.5");.__asm__(".symver exp,exp@GLIBC_2.2.5");.__asm__(".symver log,log@GLIBC_2.2.5");.__asm__(".symver log2,log2@GLIBC_2.2.5");.__asm__(".symver pow,pow@GLIBC_2.2.5");.__asm__(".symver fcntl64,fcntl@GLIBC_2.2.5");.#endif..#if defined(__aarch64__) || defined(_M_ARM64).__asm__(".symver memcpy,memcpy@GLIBC_2.17");.__asm__(".symver exp,exp@GLIBC_2.17");.__asm__(".symver log,log@GLIBC_2.17");.__asm__(".symver log2,log2@GLIBC_2.17");.__asm__(".symver pow,pow@GLIBC_2.17");.__asm__(".symver fcntl64,fcntl@GLIBC_2.17");.#endif..#endif.#endif.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):11168
                                                                                                                                                                                                                      Entropy (8bit):3.8120968442523697
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:B60768ED9DD86A1116E3BCC95FF9387D
                                                                                                                                                                                                                      SHA1:C057A7EEBBA8CE61E27267930A8526AB54920AA3
                                                                                                                                                                                                                      SHA-256:C25BE1861BD8E8457300B218F5FA0BBA734F9D1F92B47D3B6AB8EE7C1862CCBE
                                                                                                                                                                                                                      SHA-512:84E0670128F1D8712E703B6E4B684B904A8081886C9739C63B71962E5D465AC569B16CB0DB74CB41DC015A64DCC1E3A9A20B0CF7F54D4320713CC0F49E0F7363
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:#ifndef NODE_SQLITE3_SRC_MACROS_H.#define NODE_SQLITE3_SRC_MACROS_H..const char* sqlite_code_string(int code);.const char* sqlite_authorizer_string(int type);.#include <vector>..// TODO: better way to work around StringConcat?.#include <napi.h>.inline Napi::String StringConcat(Napi::Value str1, Napi::Value str2) {. return Napi::String::New(str1.Env(), str1.As<Napi::String>().Utf8Value() +. str2.As<Napi::String>().Utf8Value() );.}..// A Napi substitute IsInt32().inline bool OtherIsInt(Napi::Number source) {. double orig_val = source.DoubleValue();. double int_val = static_cast<double>(source.Int32Value());. if (orig_val == int_val) {. return true;. } else {. return false;. }.}..#define IS_FUNCTION(cb) \. !cb.IsUndefined() && cb.IsFunction()..#define REQUIRE_ARGUMENTS(n) \. if (info.Length() < (n)) { \. Napi::TypeError::New(env, "
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C++ source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):6781
                                                                                                                                                                                                                      Entropy (8bit):4.730525251915133
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:0B81C9BE1DC0FF314182399CDC301AEA
                                                                                                                                                                                                                      SHA1:7433B86711D132A4DF826BAE80E58801A3EB74C9
                                                                                                                                                                                                                      SHA-256:605633BA0FB1922C16AA5FBFFFED52A097F29BF31CEE7190D810C24C02DE515B
                                                                                                                                                                                                                      SHA-512:9CF986538D048A48B9F020FC51F994F25168540DB35BDB0314744FDEC80A45BA99064BC35FE76B35918753C2886D4466FDD7E36B25838C6039F712E5AC7D81B3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:#ifndef NODE_SQLITE3_SRC_STATEMENT_H.#define NODE_SQLITE3_SRC_STATEMENT_H..#include <cstdlib>.#include <cstring>.#include <string>.#include <queue>.#include <vector>.#include <sqlite3.h>.#include <napi.h>.#include <uv.h>..#include "database.h".#include "threading.h"..using namespace Napi;..namespace node_sqlite3 {..namespace Values {. struct Field {. inline Field(unsigned short _index, unsigned short _type = SQLITE_NULL) :. type(_type), index(_index) {}. inline Field(const char* _name, unsigned short _type = SQLITE_NULL) :. type(_type), index(0), name(_name) {}.. unsigned short type;. unsigned short index;. std::string name;.. virtual ~Field() = default;. };.. struct Integer : Field {. template <class T> inline Integer(T _name, int64_t val) :. Field(_name, SQLITE_INTEGER), value(val) {}. int64_t value;. virtual ~Integer() override = default;. };.. struct Float : Field {.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):388
                                                                                                                                                                                                                      Entropy (8bit):5.099563136480987
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:F2A075D3101C2BF109D94F8C65B4ECB5
                                                                                                                                                                                                                      SHA1:D48294AEC0B7AEB03CF5D56A9912E704B9E90BF6
                                                                                                                                                                                                                      SHA-256:E0AB4F798BCCB877548B0AB0F3D98C051B36CDE240FDF424C70ACE7DAF0FFD36
                                                                                                                                                                                                                      SHA-512:D95B5FDA6CB93874FE577439F7BD16B10EAE37B70C45AE2BD914790C1E3BA70DFB6BDA7BE79D196F2C40837D98F1005C3ED209CAB9BA346ADA9CE2ED62A87F13
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:#ifndef NODE_SQLITE3_SRC_THREADING_H.#define NODE_SQLITE3_SRC_THREADING_H..#define NODE_SQLITE3_MUTEX_t uv_mutex_t mutex;.#define NODE_SQLITE3_MUTEX_INIT uv_mutex_init(&mutex);.#define NODE_SQLITE3_MUTEX_LOCK(m) uv_mutex_lock(m);.#define NODE_SQLITE3_MUTEX_UNLOCK(m) uv_mutex_unlock(m);.#define NODE_SQLITE3_MUTEX_DESTROY uv_mutex_destroy(&mutex);..#endif // NODE_SQLITE3_SRC_THREADING_H.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1118
                                                                                                                                                                                                                      Entropy (8bit):5.132499214892249
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:216384C4C084FF996A55BE20CBD26EF3
                                                                                                                                                                                                                      SHA1:0510D5FDF8E7BF002B8396958F2240222DBB2A5A
                                                                                                                                                                                                                      SHA-256:FE0982BD7D38EE4CB08B2F111067BDEEDB9732A6621C761BCF7DD01AA6211C5A
                                                                                                                                                                                                                      SHA-512:EED68402C44F099B181EBBF43FF7EFD1DCF6791F7F35F6D386D66202BAE0DA6E7F0108FE9C3D62AF0F69989D92286FD0C307D2192DB0113B9FC857746DD01ABE
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) 2016-present Vincent Weevers.Copyright (c) 2002 Ted Peck..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TOR
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:a /usr/bin/env node script, ASCII text executable
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):247
                                                                                                                                                                                                                      Entropy (8bit):4.812203692866621
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:927D799C0C996A865D11A78F04198211
                                                                                                                                                                                                                      SHA1:F5898B61159F1F56EBD3CD439B498A177D413C0A
                                                                                                                                                                                                                      SHA-256:7F69B31EFA09C6E7D442D6229E82E65F38FAEAFEDA1FBED7C5E54324AFF062E6
                                                                                                                                                                                                                      SHA-512:97E1061700F32AF28DBC946E2F3BE0358234689F9D3482B37429DC28697516916CF1FF6C7891A29B835CDD775705F432FF7F437BB67BA87D7AE81D62453407B2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:#!/usr/bin/env node.'use strict'..const vi = require('.').const files = process.argv.slice(2)..if (!files.length) {. console.error('usage: version-info <file>, ..'). process.exit(1).}..console.log(JSON.stringify(files.map(f => vi(f)), null, 2)).
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):573
                                                                                                                                                                                                                      Entropy (8bit):4.923396504178372
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:7CB552557240A921E34AD313A224D17D
                                                                                                                                                                                                                      SHA1:92AD1627269ADEFD696AC5A67131E4AF575A2CFB
                                                                                                                                                                                                                      SHA-256:7D355D1A2324C2073059FFE7EA4D96852C873E718BCC197374440DC3EFC3F7BA
                                                                                                                                                                                                                      SHA-512:B4BF90A3CD77805FC149A4112F822EE47B4F13404EE92455ECAB9DD12D796FFE81D664BF21042AE3AD6419ABF6A9DE6DF231328BE6BD8CA2426E3432D456921E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Copyright 2011 Giovanni Dicanio <gdicanio@mvps.org>..Licensed under the Apache License, Version 2.0 (the "License"); you may not use.this file except in compliance with the License. You may obtain a copy of the.License at..http://www.apache.org/licenses/LICENSE-2.0..Unless required by applicable law or agreed to in writing, software distributed.under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR.CONDITIONS OF ANY KIND, either express or implied. See the License for the.specific language governing permissions and limitations under the License..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C++ source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5067
                                                                                                                                                                                                                      Entropy (8bit):4.48832488092862
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:349864C2D1FBC9C7788CDF95C541FF52
                                                                                                                                                                                                                      SHA1:FA968F5BD6560675C26078DE4E7D52B454C778F7
                                                                                                                                                                                                                      SHA-256:7340EEA1DEF3C1D832A6F40C5022725F1704A783F7F992B71D5F3BA2DCAEB34C
                                                                                                                                                                                                                      SHA-512:5E1910C23DC08E79199FC80AB8E0C7B300E2E1BD2678D0D9171A73D8F328ADBD32021146E5E43485F64F25FCC6BD8413CE1CE3846AFD7FCF49FFE3A04D0EFBF6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview://////////////////////////////////////////////////////////////////////////.//.// FILE: utf8conv.h.//.// Header file defining prototypes of helper functions for converting.// strings between Unicode UTF-8 and UTF-16..// (The implementation file is "utf8conv_inl.h")..//.// UTF-8 text is stored in std::string; .// UTF-16 text is stored in std::wstring..//.// This code just uses Win32 Platform SDK and C++ standard library;.// so it can be used also with the Express editions of Visual Studio..//.//.// Original code: February 4th, 2011.// Last update: October 15th, 2011.//.// - Added more information to the utf8_conversion_error class.// (like the return code of ::GetLastError());.// moreover, the class now derives from std::runtime_error..//.// - Added conversion function overloads taking raw C strings as input..// (This is more efficient when there are raw C strings already.// available, because it avoids the creation of temporary.// new std::[w]string's.).//.// - UTF-8 conver
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):10424
                                                                                                                                                                                                                      Entropy (8bit):4.518290721744818
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:A5A0F8294DAAD33A66BF30C329157A2D
                                                                                                                                                                                                                      SHA1:02B5D7FAB93D942033FE9AE2620D1A2363914469
                                                                                                                                                                                                                      SHA-256:4955FBF455CC29D63F5DC777D3AA5172D6E1E6DF221A33808A913BDEBF5A1277
                                                                                                                                                                                                                      SHA-512:F583116ADA3F281C208A98D053FE6B580187D6922E2CEAE69917770A46F56C16444267172DB2CB0BDEF3B8012088706BA1A2203631F9FF79D2814714B25FA78B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview://////////////////////////////////////////////////////////////////////////.//.// FILE: utf8conv_inl.h.//.// by Giovanni Dicanio <gdicanio@mvps.org>.//.// Private header file containing implementations of inline functions..// The public header file for this module is "utf8conv.h";.// users should *not* #include this private header file directly..//.//////////////////////////////////////////////////////////////////////////..#pragma once...#include <string.h> // strlen()..#include <Windows.h> // Win32 Platform SDK main header....namespace utf8util {...//------------------------------------------------------------------------.// Implementation of utf8_conversion_error class methods.//------------------------------------------------------------------------..inline utf8_conversion_error::utf8_conversion_error(. const char * message,. conversion_type conversion,. error_code_type error_code. ) :. std::runtime_error(message),. m_conversion(conversion),.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):514
                                                                                                                                                                                                                      Entropy (8bit):4.662132764282314
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:E5053E64FDC67009804A42CC8BAEBF90
                                                                                                                                                                                                                      SHA1:8814EF33FE018ED0A1817E77C7ED7DDB16076137
                                                                                                                                                                                                                      SHA-256:5E591255FA35FB3650502E648FF51D6D7C7E57ADA312BD33058DA03CC412EFB3
                                                                                                                                                                                                                      SHA-512:60F941A6814DC3EFEA6A65C6DCED552D4248273E1CE57222B428F813E0AB655D13546A0951AD3C0B22ADFFC7FC40542D7667CE70D315052308EA0FA1195526F5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:'use strict'..const resolve = require('path').resolve.const isWindows = process.platform === 'win32'.const binding = isWindows ? require('node-gyp-build')(__dirname) : null..module.exports = function (file) {. if (typeof file !== 'string') {. const t = typeof file. throw new Error('win-version-info requires a string filename, got: ' + t). }.. if (file === '') {. throw new Error('win-version-info requires a non-empty string filename'). }.. return isWindows ? binding.getInfo(resolve(file)) : {}.}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):970
                                                                                                                                                                                                                      Entropy (8bit):4.738300397804529
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:87C7E4CE19F05422C4E61FC981215B09
                                                                                                                                                                                                                      SHA1:E3EEF2581693F7E3CE5B6C05A4C7546A0C589C3E
                                                                                                                                                                                                                      SHA-256:49943FE4F10DFFA4AD950BB9917B3418979AECD43AA02D4EC6B3FFE7E3E68F69
                                                                                                                                                                                                                      SHA-512:17CDC2F3DD834D517C3ABE1835ED971456B939FF4CFC7190EDB5968B676D6826119EA36F4548D3C7174A78E8E24CBA3CC41485004B544CBAAF8CED6FF688CB20
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{. "name": "win-version-info",. "version": "5.0.1",. "description": "Windows-only native addon to read version info from executables",. "license": "MIT",. "main": "index.js",. "bin": {. "win-version-info": "bin.js",. "version-info": "bin.js". },. "author": "Vincent Weevers",. "files": [. "bin.js",. "index.js",. "skip.js",. "binding.gyp",. "src",. "deps",. "prebuilds",. "CHANGELOG.md",. "UPGRADING.md". ],. "dependencies": {. "napi-macros": "^2.0.0",. "node-gyp-build": "^4.3.0". },. "devDependencies": {. "cross-env": "^7.0.3",. "hallmark": "^3.1.0",. "node-gyp": "^7.1.2",. "prebuildify": "^5.0.0",. "prebuildify-ci": "^1.0.5",. "standard": "^16.0.3",. "tape": "^5.0.0",. "win-dummy-exe": "0.0.1",. "xtend": "^4.0.1". },. "engines": {. "node": ">=10". },. "gypfile": true,. "repository": "vweevers/win-version-info",. "homepage": "https://github.com/vweevers/win-version-info".}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):198144
                                                                                                                                                                                                                      Entropy (8bit):6.595632193115652
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:CEFE26EC7ACFC362CC9312C5E13BCCC1
                                                                                                                                                                                                                      SHA1:5B8C20DEAFE5756765D35FF293B7FB65CCDCA34C
                                                                                                                                                                                                                      SHA-256:05790E8AE1C66ED2ADD027E45F7D0560AE94151B46016899C19449A65DC21F56
                                                                                                                                                                                                                      SHA-512:175435B8F3CB2F153593808EF95528B74F408F623B7EF575CA2F09BB2A147C9C272ECC5E95918CFDC19F05864238108A9131CFEEB2B2C13B8A1531CBC2A22189
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):255488
                                                                                                                                                                                                                      Entropy (8bit):6.3283471797462285
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:DE00E0648BB3EE003375504188D473EF
                                                                                                                                                                                                                      SHA1:A43BE3FA52B56A4E8610590AC9465AA25401FBE5
                                                                                                                                                                                                                      SHA-256:9666F8E196C798EF4419B1E6C1A8D4BDB4A399CCAB485A32A38BEF6EAEB4A384
                                                                                                                                                                                                                      SHA-512:11772462CDAEFCFAAEF1D6D19C55C6454D8402E0056552FCBF63F68B5C999939A8BE34769B5FCB74872E2D7A890C0075B35D7E23565F76D246D5D624403A15B3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):117
                                                                                                                                                                                                                      Entropy (8bit):4.602465970581704
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:92A4C6DC39D38AC078EC80977508FEAC
                                                                                                                                                                                                                      SHA1:EDC8D81988E99C77105ABB1455EA224FDE97D212
                                                                                                                                                                                                                      SHA-256:C12583530EDC83DCC7CACEF4A428EAEFA84C10BFE4B62C0C9707DE015E338859
                                                                                                                                                                                                                      SHA-512:3833AF1F274D3BB89776A8DC6B9FF015F5D219EBEC47F5E98BF88670E523517AD8A493B0959DD41DD6E658C230335338325E8C2BEFEA61F2F22F8E83822CCAB2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:const platform = process.env.npm_config_platform || process.platform.if (platform === 'win32') {. process.exit(1).}.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:C source, ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):116
                                                                                                                                                                                                                      Entropy (8bit):4.781291877052868
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:6F621BA192A6FE2228EF9965757F0BC9
                                                                                                                                                                                                                      SHA1:E3625CDDDE946F5EA21E4C00BE95CAD214DA4016
                                                                                                                                                                                                                      SHA-256:2B561B980E0A01191A6C7CC1CF94C8D5C061F9F299EA256F1E7CA17250AE08BB
                                                                                                                                                                                                                      SHA-512:AB90BC30F2C23A3032334D30294AA02007E0DB180C82C6C8F0D84781203BE7C342134CC17BB2AC0C7BD89C1E5902C852AFB2D09B0C7D4DBA27F5101577491F4F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:#ifndef SHOWVER_H.#define SHOWVER_H..bool GetMetadata(wchar_t *sfnFile, napi_env env, napi_value metadata);..#endif.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):107520
                                                                                                                                                                                                                      Entropy (8bit):6.442687067441468
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                                                                                                                                      SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                                                                                                                                      SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                                                                                                                                      SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):272982
                                                                                                                                                                                                                      Entropy (8bit):4.234290196619715
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:08C765BF4BA4206CC16E99E123F57DFB
                                                                                                                                                                                                                      SHA1:498D5DD5FE194943E59E63F3135FBA893CA419F7
                                                                                                                                                                                                                      SHA-256:640A40221B1684C5EA7C4887ADBF64FE281A6DC5F3195002824A9193E7C10BCA
                                                                                                                                                                                                                      SHA-512:5278DB9E2B04E65CE6EC3FB3B3CD81DC37DC3DBA94E042634A71FAD0AFA8B11691B13F2BFC447FCBCD29D155C9F187CCEA672310FF44DAFC4400FF792B660DC6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):636225
                                                                                                                                                                                                                      Entropy (8bit):5.200768198034184
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:0FFBF3A05A1B056924081B7788FECF4B
                                                                                                                                                                                                                      SHA1:E29FC98F8FAE7BA7128F1E2C0F21F4FBA39026BC
                                                                                                                                                                                                                      SHA-256:4B259A5932453F5828CAC0BAD68B8639AC63F5078CEC1849711DC933B5A5DBE4
                                                                                                                                                                                                                      SHA-512:5C0B0D2ECCB87608E8F93F36A68BA3759E83C10E11F38C910ACB53E1003519AC5B9617A946AE0BD9DBDAAE7200FAD292FA71C2BC59622AC3951A68B3BFDA5D8C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5161984
                                                                                                                                                                                                                      Entropy (8bit):6.3620594803462724
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:739872A8FDFD9C979BC88BC40710BA00
                                                                                                                                                                                                                      SHA1:9A68890AFDDD899B09C084D2D50BBC3894FDDA74
                                                                                                                                                                                                                      SHA-256:EA3EB4945DC55DFD0022F43E8852290EF37421C68CDDEA02268509F2FB2F33B8
                                                                                                                                                                                                                      SHA-512:2AF3A229DC3422858927D98289B0FE2423F69C2EB10176A28FD4B5833E61D2B2F69E47C7844681F3127AD0CE1BEF4FE89DF39A1D81831C499339E8CEAFA8AC39
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):106
                                                                                                                                                                                                                      Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                      SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                      SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                      SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):948736
                                                                                                                                                                                                                      Entropy (8bit):6.590960354245508
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:1F366A987240BDB065BCCABB6665D45F
                                                                                                                                                                                                                      SHA1:C1B8E62D6A8D963EDB4A60C662FDDDD86B727448
                                                                                                                                                                                                                      SHA-256:4B3FCD25A41E5F6677337089A99EE024DA510EAE75DFEFA52B496934A9553880
                                                                                                                                                                                                                      SHA-512:333F99AC95CF62F0112760C9898A90DBE9EE0930844038B53CB8308F10A5573ED258F3211EEE5FD280210E007BF0A40ACE4D4E1959A1BE728D7FD1D9E46BF8BC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):9216
                                                                                                                                                                                                                      Entropy (8bit):5.5347224014600345
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:17309E33B596BA3A5693B4D3E85CF8D7
                                                                                                                                                                                                                      SHA1:7D361836CF53DF42021C7F2B148AEC9458818C01
                                                                                                                                                                                                                      SHA-256:996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
                                                                                                                                                                                                                      SHA-512:1ABAC3CE4F2D5E4A635162E16CF9125E059BA1539F70086C2D71CD00D41A6E2A54D468E6F37792E55A822D7082FB388B8DFECC79B59226BBB047B7D28D44D298
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):102400
                                                                                                                                                                                                                      Entropy (8bit):6.729923587623207
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:C6A6E03F77C313B267498515488C5740
                                                                                                                                                                                                                      SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                                                                                                                                      SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                                                                                                                                      SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                                      Entropy (8bit):5.719859767584478
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                                                                                                                      SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                                                                                                                      SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                                                                                                                      SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):87034109
                                                                                                                                                                                                                      Entropy (8bit):7.999995071016408
                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:23987F82279EC31726C8B40B4627AD2F
                                                                                                                                                                                                                      SHA1:BC8290FF647587741C9570A94ADA834D0166D7D4
                                                                                                                                                                                                                      SHA-256:652C97F429F10F30A59F55AAAA024248C300C2472DE531DBF2984A6E5D8CA50E
                                                                                                                                                                                                                      SHA-512:A1A8C950ED7439FD7A4E9E35E799A23CCCA1D41FDF8653C3C031CA79376486218F461136C33A2E85074E8E5A8AA23CC332A5500ADED08D744ABD98092CBC87A4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):6656
                                                                                                                                                                                                                      Entropy (8bit):5.155286976455086
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:EC0504E6B8A11D5AAD43B296BEEB84B2
                                                                                                                                                                                                                      SHA1:91B5CE085130C8C7194D66B2439EC9E1C206497C
                                                                                                                                                                                                                      SHA-256:5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962
                                                                                                                                                                                                                      SHA-512:3F918F1B47E8A919CBE51EB17DC30ACC8CFC18E743A1BAE5B787D0DB7D26038DC1210BE98BF5BA3BE8D6ED896DBBD7AC3D13E66454A98B2A38C7E69DAD30BB57
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):434176
                                                                                                                                                                                                                      Entropy (8bit):6.584811966667578
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                                                                                                                      SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                                                                                                                      SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                                                                                                                      SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                      File Type:Zip archive data (empty)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22
                                                                                                                                                                                                                      Entropy (8bit):1.0476747992754052
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:76CDB2BAD9582D23C1F6F4D868218D6C
                                                                                                                                                                                                                      SHA1:B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
                                                                                                                                                                                                                      SHA-256:8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
                                                                                                                                                                                                                      SHA-512:5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:PK....................
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                                                                      Entropy (8bit):5.652870938739607
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:CA5A9381FAE4068EB1F2D4355E09F4F7
                                                                                                                                                                                                                      SHA1:32498243BDE56FAD270E756E44C1CA047DB46D48
                                                                                                                                                                                                                      SHA-256:888409211B1E71F4E8FE79F33C67FB498AB516CB1E98B886C700CDE7EFBB1A53
                                                                                                                                                                                                                      SHA-512:61D15DA7DE735D43D7713D2DD66AA0AC693CC579CE1BCEB8B9B3CD34E0D26A5B597BF84855F8783008D45D58B0453FD4436A7410E7C3056B2DB95691A44CD3FC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADAiFR2PgHtR4pC9gZR5ZfTEAAAABIAAABDAGgAcgBvAG0AaQB1AG0AAAAQZgAAAAEAACAAAADImFTVgemdiLHZwu1PLG9soQZxg8+aOJijqwobOxzbUgAAAAAOgAAAAAIAACAAAABf1ZozBaUH+Jn6MAVSWY8nzyRMS5v9OvalXaLpyH0aZTAAAAA4zdNx0+GJpCU+dCGZcpsMEdfGDYhAK+fNsvv5r2m3quem5eoNSzw0/A7Tgg4CcYFAAAAAzFT2A8US0/+ApSSDyZC8QaqDdg9ZW4M44nvF2Ph2aP5ZaEO1AiYc0LJGoHRjaMOlZZxM+X1j5wZKHJvQu6sXRQ=="}}
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):434
                                                                                                                                                                                                                      Entropy (8bit):5.652870938739607
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:
                                                                                                                                                                                                                      MD5:CA5A9381FAE4068EB1F2D4355E09F4F7
                                                                                                                                                                                                                      SHA1:32498243BDE56FAD270E756E44C1CA047DB46D48
                                                                                                                                                                                                                      SHA-256:888409211B1E71F4E8FE79F33C67FB498AB516CB1E98B886C700CDE7EFBB1A53
                                                                                                                                                                                                                      SHA-512:61D15DA7DE735D43D7713D2DD66AA0AC693CC579CE1BCEB8B9B3CD34E0D26A5B597BF84855F8783008D45D58B0453FD4436A7410E7C3056B2DB95691A44CD3FC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADAiFR2PgHtR4pC9gZR5ZfTEAAAABIAAABDAGgAcgBvAG0AaQB1AG0AAAAQZgAAAAEAACAAAADImFTVgemdiLHZwu1PLG9soQZxg8+aOJijqwobOxzbUgAAAAAOgAAAAAIAACAAAABf1ZozBaUH+Jn6MAVSWY8nzyRMS5v9OvalXaLpyH0aZTAAAAA4zdNx0+GJpCU+dCGZcpsMEdfGDYhAK+fNsvv5r2m3quem5eoNSzw0/A7Tgg4CcYFAAAAAzFT2A8US0/+ApSSDyZC8QaqDdg9ZW4M44nvF2Ph2aP5ZaEO1AiYc0LJGoHRjaMOlZZxM+X1j5wZKHJvQu6sXRQ=="}}
                                                                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                      Entropy (8bit):7.999864638617578
                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                      File name:Yoranis Setup.exe
                                                                                                                                                                                                                      File size:87'733'089 bytes
                                                                                                                                                                                                                      MD5:b3cbd672cb20b2112488d26a6b325e69
                                                                                                                                                                                                                      SHA1:c752f280a123a30177ba1e17d770bead2c0644a9
                                                                                                                                                                                                                      SHA256:9bdec941d05ba0c0f365e2198600914d6001745cf554b8e6673d5045b7f6205d
                                                                                                                                                                                                                      SHA512:d05f023b6ba42004e9239a4bec8e9e652e6ea096a9347489342ad5a576e45c712cd79c15f20810a267675301715aeeef06c3cf372eb69222c1fcecf490c7fea2
                                                                                                                                                                                                                      SSDEEP:1572864:Zhe4h6QM19C+RetuwvQkvBGvkJciBW7MIXqCAlG1hZaUXv6:Zhe4lMDCSwvRpPndlG7Z0
                                                                                                                                                                                                                      TLSH:A11833263A9250E3F4ED53F627C4D0238ADF2DBF4FC1452A2AE921FB6575921C19C06B
                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.
                                                                                                                                                                                                                      Icon Hash:06233b25a3930321
                                                                                                                                                                                                                      Entrypoint:0x40338f
                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                      Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                      OS Version Major:4
                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                      File Version Major:4
                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                      Subsystem Version Major:4
                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                      Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                      sub esp, 000002D4h
                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                      push edi
                                                                                                                                                                                                                      push 00000020h
                                                                                                                                                                                                                      pop edi
                                                                                                                                                                                                                      xor ebx, ebx
                                                                                                                                                                                                                      push 00008001h
                                                                                                                                                                                                                      mov dword ptr [esp+14h], ebx
                                                                                                                                                                                                                      mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                                                                      mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                      call dword ptr [004080A8h]
                                                                                                                                                                                                                      call dword ptr [004080A4h]
                                                                                                                                                                                                                      and eax, BFFFFFFFh
                                                                                                                                                                                                                      cmp ax, 00000006h
                                                                                                                                                                                                                      mov dword ptr [0047AEECh], eax
                                                                                                                                                                                                                      je 00007F215C9112A3h
                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                      call 00007F215C914555h
                                                                                                                                                                                                                      cmp eax, ebx
                                                                                                                                                                                                                      je 00007F215C911299h
                                                                                                                                                                                                                      push 00000C00h
                                                                                                                                                                                                                      call eax
                                                                                                                                                                                                                      mov esi, 004082B0h
                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                      call 00007F215C9144CFh
                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                      call dword ptr [00408150h]
                                                                                                                                                                                                                      lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                                                                      cmp byte ptr [esi], 00000000h
                                                                                                                                                                                                                      jne 00007F215C91127Ch
                                                                                                                                                                                                                      push 0000000Ah
                                                                                                                                                                                                                      call 00007F215C914528h
                                                                                                                                                                                                                      push 00000008h
                                                                                                                                                                                                                      call 00007F215C914521h
                                                                                                                                                                                                                      push 00000006h
                                                                                                                                                                                                                      mov dword ptr [0047AEE4h], eax
                                                                                                                                                                                                                      call 00007F215C914515h
                                                                                                                                                                                                                      cmp eax, ebx
                                                                                                                                                                                                                      je 00007F215C9112A1h
                                                                                                                                                                                                                      push 0000001Eh
                                                                                                                                                                                                                      call eax
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      je 00007F215C911299h
                                                                                                                                                                                                                      or byte ptr [0047AEEFh], 00000040h
                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                      call dword ptr [00408044h]
                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                      call dword ptr [004082A0h]
                                                                                                                                                                                                                      mov dword ptr [0047AFB8h], eax
                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                      lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                      push 000002B4h
                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                      push 00440208h
                                                                                                                                                                                                                      call dword ptr [00408188h]
                                                                                                                                                                                                                      push 0040A2C8h
                                                                                                                                                                                                                      Programming Language:
                                                                                                                                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19f000 | 0x2dd58 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6627 | 0x6800 | 7618d4c0cd8bb67ea9595b4266b3a91f | False | 0.6646259014423077 | data | 6.450282348506287 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x14a2 | 0x1600 | eecac1fed9cc6b447d50940d178404d8 | False | 0.4405184659090909 | data | 5.025178929113415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x70ff8 | 0x600 | db8f31a08a2242d80c29e1f9500c6527 | False | 0.5182291666666666 | data | 4.037117731448378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x7b000 | 0x124000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x19f000 | 0x2dd58 | 0x2de00 | 8c530dd2812e37a45c1ed0a67b6ad4dd | False | 0.22466259366485014 | data | 4.8955900569696364 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x19f628 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.08976103158641903 |
| RT_ICON | 0x1afe50 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.13509039310489804 |
| RT_ICON | 0x1b92f8 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.16344731977818855 |
| RT_ICON | 0x1be780 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.16786726499763815 |
| RT_ICON | 0x1c29a8 | 0x417f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9886085763702511 |
| RT_ICON | 0x1c6b28 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.2437759336099585 |
| RT_ICON | 0x1c90d0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.3393527204502814 |
| RT_ICON | 0x1ca178 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.4766393442622951 |
| RT_ICON | 0x1cab00 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6187943262411347 |
| RT_DIALOG | 0x1caf68 | 0x202 | data | English | United States | 0.4085603112840467 |
| RT_DIALOG | 0x1cb170 | 0xf8 | data | English | United States | 0.6290322580645161 |
| RT_DIALOG | 0x1cb268 | 0xee | data | English | United States | 0.6260504201680672 |
| RT_DIALOG | 0x1cb358 | 0x1fa | data | English | United States | 0.40118577075098816 |
| RT_DIALOG | 0x1cb558 | 0xf0 | data | English | United States | 0.6666666666666666 |
| RT_DIALOG | 0x1cb648 | 0xe6 | data | English | United States | 0.6565217391304348 |
| RT_DIALOG | 0x1cb730 | 0x1ee | data | English | United States | 0.38866396761133604 |
| RT_DIALOG | 0x1cb920 | 0xe4 | data | English | United States | 0.6447368421052632 |
| RT_DIALOG | 0x1cba08 | 0xda | data | English | United States | 0.6422018348623854 |
                                                                                                                                                                                                                      RT_DIALOG0x1cbae80x1eedataEnglishUnited States0.3866396761133603
                                                                                                                                                                                                                      RT_DIALOG0x1cbcd80xe4dataEnglishUnited States0.6359649122807017
                                                                                                                                                                                                                      RT_DIALOG0x1cbdc00xdadataEnglishUnited States0.6376146788990825
                                                                                                                                                                                                                      RT_DIALOG0x1cbea00x1f2dataEnglishUnited States0.39759036144578314
                                                                                                                                                                                                                      RT_DIALOG0x1cc0980xe8dataEnglishUnited States0.6508620689655172
                                                                                                                                                                                                                      RT_DIALOG0x1cc1800xdedataEnglishUnited States0.6486486486486487
                                                                                                                                                                                                                      RT_DIALOG0x1cc2600x202dataEnglishUnited States0.42217898832684825
                                                                                                                                                                                                                      RT_DIALOG0x1cc4680xf8dataEnglishUnited States0.6653225806451613
                                                                                                                                                                                                                      RT_DIALOG0x1cc5600xeedataEnglishUnited States0.6512605042016807
                                                                                                                                                                                                                      RT_GROUP_ICON0x1cc6500x84dataEnglishUnited States0.7272727272727273
                                                                                                                                                                                                                      RT_VERSION0x1cc6d80x258dataEnglishUnited States0.48833333333333334
                                                                                                                                                                                                                      RT_MANIFEST0x1cc9300x423XML 1.0 document, ASCII text, with very long lines (1059), with no line terminatorsEnglishUnited States0.5127478753541076
DLL | Import
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.473906994 CET49772443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.473926067 CET44349772143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.474127054 CET49772443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.474339008 CET49772443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.474349022 CET44349772143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.816174984 CET44349772143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.816639900 CET49772443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.816649914 CET44349772143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.817616940 CET44349772143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.818686962 CET49772443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.818692923 CET49772443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.818757057 CET44349772143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.818851948 CET44349772143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.819262028 CET49772443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.819262028 CET49772443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.821094036 CET49773443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.821116924 CET44349773172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.821346045 CET49773443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.821582079 CET49773443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:26.821594000 CET44349773172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:27.088077068 CET44349773172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:27.088521004 CET49773443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:27.088532925 CET44349773172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:27.089509010 CET44349773172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:27.089731932 CET49773443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:27.090195894 CET49773443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:27.090256929 CET44349773172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:27.090342999 CET44349773172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:27.090440035 CET49773443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:27.090493917 CET49773443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.499989986 CET49774443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.500010014 CET44349774172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.500164986 CET49774443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.500906944 CET49774443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.500919104 CET44349774172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.765810966 CET44349774172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.766343117 CET49774443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.766355038 CET44349774172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.767324924 CET44349774172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.767518997 CET49774443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.768351078 CET49774443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.768455982 CET44349774172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.820208073 CET49774443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.820219994 CET44349774172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:29.867300987 CET49774443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:33.706264019 CET55728443192.168.11.2018.173.166.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:33.706283092 CET4435572818.173.166.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:33.706509113 CET55728443192.168.11.2018.173.166.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:33.706715107 CET55728443192.168.11.2018.173.166.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:33.706722975 CET4435572818.173.166.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:33.971573114 CET4435572818.173.166.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:33.971952915 CET55728443192.168.11.2018.173.166.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:33.971965075 CET4435572818.173.166.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:33.972912073 CET4435572818.173.166.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:33.973078966 CET55728443192.168.11.2018.173.166.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:33.974343061 CET55728443192.168.11.2018.173.166.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:33.974421978 CET4435572818.173.166.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:34.028584957 CET55728443192.168.11.2018.173.166.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:34.028599024 CET4435572818.173.166.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:34.075946093 CET55728443192.168.11.2018.173.166.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:34.650027990 CET56842443192.168.11.2094.139.32.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:34.650047064 CET4435684294.139.32.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:34.650254965 CET56842443192.168.11.2094.139.32.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:34.650473118 CET56842443192.168.11.2094.139.32.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:34.650481939 CET4435684294.139.32.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.130970955 CET4435684294.139.32.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.131438971 CET56842443192.168.11.2094.139.32.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.131448984 CET4435684294.139.32.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.132368088 CET4435684294.139.32.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.132544994 CET56842443192.168.11.2094.139.32.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.133157015 CET56842443192.168.11.2094.139.32.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.133183002 CET4435684294.139.32.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.133265972 CET4435684294.139.32.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.133308887 CET56842443192.168.11.2094.139.32.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.133403063 CET56842443192.168.11.2094.139.32.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.134849072 CET52031443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.134867907 CET44352031143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.135015011 CET52031443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.135174990 CET52031443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.135184050 CET44352031143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.470335007 CET44352031143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.470729113 CET52031443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.470742941 CET44352031143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.471704006 CET44352031143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.471900940 CET52031443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.472433090 CET52031443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.472493887 CET44352031143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.472584009 CET44352031143.244.215.221192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.472630978 CET52031443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.472718000 CET52031443192.168.11.20143.244.215.221
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.474690914 CET52032443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.474709034 CET44352032172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.474879980 CET52032443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.475104094 CET52032443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.475112915 CET44352032172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.744832039 CET44352032172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.745223999 CET52032443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:35.745243073 CET44352032172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.466022015 CET44362305172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.466222048 CET62305443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.476717949 CET443571239.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.477063894 CET57123443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.477073908 CET443571239.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.478034973 CET443571239.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.478288889 CET57123443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.525419950 CET443607919.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.525738001 CET60791443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.525752068 CET443607919.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.526323080 CET44359236172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.526710987 CET59236443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.526721954 CET44359236172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.527081013 CET443607919.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.527254105 CET60791443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.527265072 CET443607919.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.527435064 CET60791443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.527683020 CET44359236172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.527944088 CET59236443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.528306007 CET57123443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.528316021 CET443571239.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.544570923 CET62487443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.544590950 CET443624879.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.544867992 CET62487443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.545042038 CET62487443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.545048952 CET443624879.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.575297117 CET57123443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.715060949 CET44365304172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.715477943 CET65304443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.715490103 CET44365304172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.716415882 CET44365304172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.716666937 CET65304443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.807936907 CET443624879.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.808394909 CET62487443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.808406115 CET443624879.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.809354067 CET443624879.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.809595108 CET62487443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.809607029 CET443624879.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:37.809828997 CET62487443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.552865982 CET57446443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.552894115 CET443574469.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.553020954 CET57446443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.553263903 CET57446443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.553272963 CET443574469.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.663481951 CET52572443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.663503885 CET44352572172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.663856983 CET52572443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.664037943 CET52572443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.664043903 CET44352572172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.694622993 CET51776443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.694642067 CET443517769.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.694979906 CET51776443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.695202112 CET51776443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.695214987 CET443517769.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.740643978 CET54264443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.740662098 CET44354264172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.740782022 CET64452443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.740806103 CET44364452172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.740844011 CET54264443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.740952969 CET54264443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.740962982 CET44354264172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.741018057 CET64452443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.741103888 CET64452443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.741112947 CET44364452172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.820488930 CET443574469.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.820768118 CET57446443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.820779085 CET443574469.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.821754932 CET443574469.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.822972059 CET57446443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.822983980 CET443574469.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.824013948 CET57446443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.866823912 CET53703443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.866842985 CET443537039.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.867321968 CET53703443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.867594957 CET53703443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.867603064 CET443537039.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.925954103 CET44352572172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.926445961 CET52572443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.926456928 CET44352572172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.927385092 CET44352572172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.927582026 CET52572443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.956485987 CET443517769.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.957039118 CET51776443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.957088947 CET443517769.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.958002090 CET443517769.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:38.958175898 CET51776443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.002949953 CET44364452172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.003366947 CET64452443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.003375053 CET44364452172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.003969908 CET51776443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.003974915 CET443517769.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.004193068 CET44354264172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.004403114 CET44364452172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.004511118 CET54264443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.004522085 CET44354264172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.004664898 CET64452443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.005495071 CET44354264172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.005692005 CET54264443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:39.049845934 CET51776443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.693608046 CET44359925172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.693795919 CET59925443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.694024086 CET59925443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.694031000 CET44359925172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.746289015 CET443595709.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.746933937 CET59570443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.746946096 CET443595709.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.747931957 CET443595709.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.748133898 CET59570443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.748145103 CET443595709.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.748272896 CET59570443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.786478043 CET52944443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.786498070 CET44352944172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.786673069 CET52944443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.786833048 CET52944443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.786839962 CET44352944172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.825294971 CET443599249.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.825702906 CET59924443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.825716019 CET443599249.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.826641083 CET443599249.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.826878071 CET59924443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.826889038 CET443599249.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.827059984 CET59924443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.927253008 CET55939443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.927278042 CET44355939172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.927504063 CET55939443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.927680969 CET55939443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.927694082 CET44355939172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.958607912 CET44359925172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.959032059 CET51575443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.959042072 CET59925443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.959048033 CET443515759.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.959050894 CET44359925172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.959175110 CET51575443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.959402084 CET51575443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.959413052 CET443515759.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.960199118 CET44359925172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.960407972 CET59925443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.960915089 CET59925443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.960952044 CET44359925172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.961057901 CET44359925172.67.193.41192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.961093903 CET59925443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:43.961186886 CET59925443192.168.11.20172.67.193.41
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.049396038 CET44352944172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.049787998 CET52944443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.049801111 CET44352944172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.050740004 CET44352944172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.050915003 CET52944443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.190493107 CET44355939172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.190901041 CET55939443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.190912962 CET44355939172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.191828966 CET44355939172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.192112923 CET55939443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.220422029 CET443515759.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.220843077 CET51575443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.220854044 CET443515759.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.221795082 CET443515759.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.221987963 CET51575443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.229054928 CET62845443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.229073048 CET44362845172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.229224920 CET62845443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.229374886 CET62845443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.229382992 CET44362845172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.276746035 CET51575443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.276762009 CET443515759.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.324631929 CET51575443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.490778923 CET44362845172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.491162062 CET62845443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.491173983 CET44362845172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.492091894 CET44362845172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.492289066 CET62845443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.760198116 CET44349774172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.760240078 CET44349774172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:44.760523081 CET49774443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:46.848706007 CET443569559.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:46.848973989 CET56955443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:46.851331949 CET443516869.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:46.851492882 CET51686443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:46.893841982 CET443580709.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:46.894078970 CET58070443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:47.604736090 CET443571239.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:47.604901075 CET57123443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:47.654064894 CET443607919.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:47.654190063 CET60791443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:47.938318968 CET443624879.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:47.938468933 CET62487443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.035228968 CET51502443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.035248995 CET44351502172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.035372972 CET51502443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.035618067 CET51502443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.035629988 CET44351502172.64.41.3192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.099152088 CET64794443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.099169970 CET443647949.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.099332094 CET61788443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.099332094 CET64794443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.099349976 CET443617889.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.099526882 CET64794443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.099538088 CET443647949.9.9.9192.168.11.20
                                                                                                                                                                                                                      Jan 5, 2025 00:21:48.099611044 CET61788443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091814995 CET54264443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091837883 CET57333443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091837883 CET59570443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091862917 CET51694443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091885090 CET59924443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091891050 CET62845443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091891050 CET55939443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091909885 CET52944443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091911077 CET51575443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091936111 CET64794443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091936111 CET51502443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091936111 CET61788443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091936111 CET51537443192.168.11.209.9.9.9
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091963053 CET50333443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:22:02.091963053 CET53030443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:22:29.769217968 CET49774443192.168.11.20172.64.41.3
                                                                                                                                                                                                                      Jan 5, 2025 00:22:29.769268036 CET44349774172.64.41.3192.168.11.20
                                                                                                                                                                                                                      • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49766 | 104.26.12.205 | 80 | 4840 | C:\Windows\System32\curl.exe

Timestamp | Bytes transferred | Direction | Data
Jan 5, 2025 00:21:19.351540089 CET | 77 | OUT | GET / HTTP/1.1
Host: api.ipify.org
User-Agent: curl/7.55.1
Accept: */*
Jan 5, 2025 00:21:19.525047064 CET | 438 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sat, 04 Jan 2025 23:21:19 GMT
                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                      Content-Length: 15
                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                      Vary: Origin
                                                                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                      CF-RAY: 8fcef6d85a4c67b7-MIA
                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=130071&min_rtt=130071&rtt_var=65035&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=77&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                                      Data Raw: 31 30 32 2e 31 32 39 2e 31 35 33 2e 32 33 38
                                                                                                                                                                                                                      Data Ascii: 102.129.153.238


                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                      Start time:18:20:37
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\Yoranis Setup.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\Yoranis Setup.exe"
                                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                                      File size:87'733'089 bytes
                                                                                                                                                                                                                      MD5 hash:B3CBD672CB20B2112488D26A6B325E69
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                      Start time:18:20:39
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"
                                                                                                                                                                                                                      Imagebase:0x710000
                                                                                                                                                                                                                      File size:236'544 bytes
                                                                                                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                      Start time:18:20:39
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                      Start time:18:20:39
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
                                                                                                                                                                                                                      Imagebase:0x2a0000
                                                                                                                                                                                                                      File size:79'360 bytes
                                                                                                                                                                                                                      MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                                      Start time:18:20:39
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\find.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\find.exe" "YoransSetup.exe"
                                                                                                                                                                                                                      Imagebase:0x3c0000
                                                                                                                                                                                                                      File size:14'848 bytes
                                                                                                                                                                                                                      MD5 hash:31D06677CD9ACA84EA2E2E8E3BF22D65
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                                      Start time:18:21:14
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff661770000
                                                                                                                                                                                                                      File size:173'936'640 bytes
                                                                                                                                                                                                                      MD5 hash:19A61DB800E68F1BCB442D9B2531E6BC
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                      Start time:18:21:17
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                                      Start time:18:21:17
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                                      Start time:18:21:17
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:tasklist
                                                                                                                                                                                                                      Imagebase:0x7ff79dcb0000
                                                                                                                                                                                                                      File size:106'496 bytes
                                                                                                                                                                                                                      MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:11
                                                                                                                                                                                                                      Start time:18:21:18
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                                                                                                                                                                                      Imagebase:0x7ff661770000
                                                                                                                                                                                                                      File size:173'936'640 bytes
                                                                                                                                                                                                                      MD5 hash:19A61DB800E68F1BCB442D9B2531E6BC
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:12
                                                                                                                                                                                                                      Start time:18:21:18
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:13
                                                                                                                                                                                                                      Start time:18:21:18
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:14
                                                                                                                                                                                                                      Start time:18:21:18
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\curl.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:curl http://api.ipify.org/ --ssl-no-revoke
                                                                                                                                                                                                                      Imagebase:0x7ff63bcc0000
                                                                                                                                                                                                                      File size:421'376 bytes
                                                                                                                                                                                                                      MD5 hash:1C3645EBDDBE2DA6A32A5F9FB43A3C23
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:15
                                                                                                                                                                                                                      Start time:18:21:19
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:16
                                                                                                                                                                                                                      Start time:18:21:19
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:17
                                                                                                                                                                                                                      Start time:18:21:19
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:wmic bios get smbiosbiosversion
                                                                                                                                                                                                                      Imagebase:0x7ff6f0940000
                                                                                                                                                                                                                      File size:526'848 bytes
                                                                                                                                                                                                                      MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:18
                                                                                                                                                                                                                      Start time:18:21:20
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:19
                                                                                                                                                                                                                      Start time:18:21:20
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:20
                                                                                                                                                                                                                      Start time:18:21:20
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:wmic MemoryChip get /format:list
                                                                                                                                                                                                                      Imagebase:0x7ff6f0940000
                                                                                                                                                                                                                      File size:526'848 bytes
                                                                                                                                                                                                                      MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:21
                                                                                                                                                                                                                      Start time:18:21:20
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:find /i "Speed"
                                                                                                                                                                                                                      Imagebase:0x7ff6df6b0000
                                                                                                                                                                                                                      File size:17'920 bytes
                                                                                                                                                                                                                      MD5 hash:AE3F3DC3ED900F2A582BAD86A764508C
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:22
                                                                                                                                                                                                                      Start time:18:21:21
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
                                                                                                                                                                                                                      Imagebase:0x7ff661770000
                                                                                                                                                                                                                      File size:173'936'640 bytes
                                                                                                                                                                                                                      MD5 hash:19A61DB800E68F1BCB442D9B2531E6BC
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:23
                                                                                                                                                                                                                      Start time:18:21:21
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:24
                                                                                                                                                                                                                      Start time:18:21:21
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:25
                                                                                                                                                                                                                      Start time:18:21:21
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:wmic path win32_VideoController get name
                                                                                                                                                                                                                      Imagebase:0x7ff6f0940000
                                                                                                                                                                                                                      File size:526'848 bytes
                                                                                                                                                                                                                      MD5 hash:A2EF3F0AD95FDA9262A5F9533B6DD1BD
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:26
                                                                                                                                                                                                                      Start time:18:21:22
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:27
                                                                                                                                                                                                                      Start time:18:21:22
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:28
                                                                                                                                                                                                                      Start time:18:21:22
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
                                                                                                                                                                                                                      Imagebase:0x7ff7a5cf0000
                                                                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:29
                                                                                                                                                                                                                      Start time:18:21:23
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:30
                                                                                                                                                                                                                      Start time:18:21:23
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:31
                                                                                                                                                                                                                      Start time:18:21:23
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:32
                                                                                                                                                                                                                      Start time:18:21:23
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:33
                                                                                                                                                                                                                      Start time:18:21:23
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:34
                                                                                                                                                                                                                      Start time:18:21:23
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:35
                                                                                                                                                                                                                      Start time:18:21:23
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:36
                                                                                                                                                                                                                      Start time:18:21:23
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:taskkill /IM chrome.exe /F
                                                                                                                                                                                                                      Imagebase:0x7ff6788f0000
                                                                                                                                                                                                                      File size:101'376 bytes
                                                                                                                                                                                                                      MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:37
                                                                                                                                                                                                                      Start time:18:21:23
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:38
                                                                                                                                                                                                                      Start time:18:21:23
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

Target ID:39
Start time:18:21:23
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM msedge.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:40
Start time:18:21:23
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM brave.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:41
Start time:18:21:23
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:18:21:23
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:43
Start time:18:21:23
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM firefox.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:44
Start time:18:21:23
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:45
Start time:18:21:23
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:46
Start time:18:21:23
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM opera.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:47
Start time:18:21:23
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:48
Start time:18:21:23
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:49
Start time:18:21:23
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM kometa.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:50
                                                                                                                                                                                                                      Start time:18:21:23
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:taskkill /IM orbitum.exe /F
                                                                                                                                                                                                                      Imagebase:0x7ff6788f0000
                                                                                                                                                                                                                      File size:101'376 bytes
                                                                                                                                                                                                                      MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:51
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:52
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:53
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:54
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:55
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:taskkill /IM centbrowser.exe /F
                                                                                                                                                                                                                      Imagebase:0x7ff6788f0000
                                                                                                                                                                                                                      File size:101'376 bytes
                                                                                                                                                                                                                      MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:56
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:57
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:58
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:taskkill /IM 7star.exe /F
                                                                                                                                                                                                                      Imagebase:0x7ff6788f0000
                                                                                                                                                                                                                      File size:101'376 bytes
                                                                                                                                                                                                                      MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:59
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:60
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:61
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:62
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:taskkill /IM sputnik.exe /F
                                                                                                                                                                                                                      Imagebase:0x7ff6788f0000
                                                                                                                                                                                                                      File size:101'376 bytes
                                                                                                                                                                                                                      MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:63
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:64
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:taskkill /IM vivaldi.exe /F
                                                                                                                                                                                                                      Imagebase:0x7ff6788f0000
                                                                                                                                                                                                                      File size:101'376 bytes
                                                                                                                                                                                                                      MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:65
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:66
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:67
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:taskkill /IM epicprivacybrowser.exe /F
                                                                                                                                                                                                                      Imagebase:0x7ff6788f0000
                                                                                                                                                                                                                      File size:101'376 bytes
                                                                                                                                                                                                                      MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:68
                                                                                                                                                                                                                      Start time:18:21:24
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

Target ID:69
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:70
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM uran.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:71
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM yandex.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:72
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:73
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:74
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM iridium.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:75
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:76
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:77
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:78
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:79
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq msedge.exe"
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:80
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:81
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:82
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq firefox.exe"
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:83
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq chrome.exe"
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:84
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:85
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:86
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:87
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:88
Start time:18:21:24
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:89
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                      Target ID:90
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:91
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:92
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:93
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:94
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:95
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:96
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:taskkill /IM chrome.exe /F
                                                                                                                                                                                                                      Imagebase:0x7ff6788f0000
                                                                                                                                                                                                                      File size:101'376 bytes
                                                                                                                                                                                                                      MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:97
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:98
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

Target ID:99
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM msedge.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:100
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:101
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:102
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM brave.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:103
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:104
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:105
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM firefox.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:106
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM opera.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:107
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:108
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:109
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM kometa.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:110
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:111
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:112
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM orbitum.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:113
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:114
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:115
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM centbrowser.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:116
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:117
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:118
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM 7star.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:119
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM sputnik.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:120
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:121
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:122
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:123
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:124
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM vivaldi.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:125
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:126
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:127
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM epicprivacybrowser.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:128
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:129
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:130
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM uran.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:131
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:132
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:taskkill /IM yandex.exe /F
                                                                                                                                                                                                                      Imagebase:0x7ff6788f0000
                                                                                                                                                                                                                      File size:101'376 bytes
                                                                                                                                                                                                                      MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:133
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
                                                                                                                                                                                                                      Imagebase:0x7ff7f3f30000
                                                                                                                                                                                                                      File size:2'742'376 bytes
                                                                                                                                                                                                                      MD5 hash:BB7C48CDDDE076E7EB44022520F40F77
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:134
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:taskkill /IM iridium.exe /F
                                                                                                                                                                                                                      Imagebase:0x7ff6788f0000
                                                                                                                                                                                                                      File size:101'376 bytes
                                                                                                                                                                                                                      MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:135
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:136
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:137
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:138
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:139
                                                                                                                                                                                                                      Start time:18:21:26
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

Target ID:140
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:141
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:142
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:143
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:144
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq msedge.exe"
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:145
Start time:18:21:27
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:146
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:147
Start time:18:21:26
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq firefox.exe"
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:148
Start time:18:21:27
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:149
Start time:18:21:27
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq chrome.exe"
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:150
Start time:18:21:27
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:151
                                                                                                                                                                                                                      Start time:18:21:27
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:152
                                                                                                                                                                                                                      Start time:18:21:27
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:taskkill /IM chrome.exe /F
                                                                                                                                                                                                                      Imagebase:0x7ff6788f0000
                                                                                                                                                                                                                      File size:101'376 bytes
                                                                                                                                                                                                                      MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:153
                                                                                                                                                                                                                      Start time:18:21:29
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
                                                                                                                                                                                                                      Imagebase:0x7ff6b9790000
                                                                                                                                                                                                                      File size:3'379'080 bytes
                                                                                                                                                                                                                      MD5 hash:40AAE14A5C86EA857FA6E5FED689C48E
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:154
                                                                                                                                                                                                                      Start time:18:21:30
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3448241921201964185,6892278070021911797,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2412 /prefetch:3
                                                                                                                                                                                                                      Imagebase:0x7ff6b9790000
                                                                                                                                                                                                                      File size:3'379'080 bytes
                                                                                                                                                                                                                      MD5 hash:40AAE14A5C86EA857FA6E5FED689C48E
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:157
                                                                                                                                                                                                                      Start time:18:21:35
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:158
                                                                                                                                                                                                                      Start time:18:21:35
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:159
                                                                                                                                                                                                                      Start time:18:21:35
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:160
                                                                                                                                                                                                                      Start time:18:21:35
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:tasklist
                                                                                                                                                                                                                      Imagebase:0x7ff79dcb0000
                                                                                                                                                                                                                      File size:106'496 bytes
                                                                                                                                                                                                                      MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:161
                                                                                                                                                                                                                      Start time:18:21:35
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

Target ID:162
Start time:18:21:35
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:163
Start time:18:21:35
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:164
Start time:18:21:35
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:165
Start time:18:21:35
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:166
Start time:18:21:36
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:167
Start time:18:21:36
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:168
Start time:18:21:36
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:169
Start time:18:21:36
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:170
Start time:18:21:36
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:171
Start time:18:21:36
Start date:04/01/2025
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM Steam.exe /F
Imagebase:0x7ff6788f0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:172
Start time:18:21:37
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                      Target ID:173
                                                                                                                                                                                                                      Start time:18:21:37
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:174
                                                                                                                                                                                                                      Start time:18:21:37
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:taskkill /IM javaw.exe /F
                                                                                                                                                                                                                      Imagebase:0x7ff6788f0000
                                                                                                                                                                                                                      File size:101'376 bytes
                                                                                                                                                                                                                      MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:175
                                                                                                                                                                                                                      Start time:18:21:37
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:176
                                                                                                                                                                                                                      Start time:18:21:37
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:177
                                                                                                                                                                                                                      Start time:18:21:37
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:tasklist
                                                                                                                                                                                                                      Imagebase:0x7ff79dcb0000
                                                                                                                                                                                                                      File size:106'496 bytes
                                                                                                                                                                                                                      MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:178
                                                                                                                                                                                                                      Start time:18:21:37
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:179
                                                                                                                                                                                                                      Start time:18:21:37
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                      Imagebase:0x7ff747a80000
                                                                                                                                                                                                                      File size:875'008 bytes
                                                                                                                                                                                                                      MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:180
                                                                                                                                                                                                                      Start time:18:21:37
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:tasklist
                                                                                                                                                                                                                      Imagebase:0x7ff79dcb0000
                                                                                                                                                                                                                      File size:106'496 bytes
                                                                                                                                                                                                                      MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:181
                                                                                                                                                                                                                      Start time:18:21:37
                                                                                                                                                                                                                      Start date:04/01/2025
                                                                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                      Imagebase:0x7ff7baf60000
                                                                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:182
Start time:18:21:37
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:183
Start time:18:21:37
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:184
Start time:18:21:38
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:185
Start time:18:21:38
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:186
Start time:18:21:38
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:187
Start time:18:21:38
Start date:04/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Imagebase:0x7ff7baf60000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:188
Start time:18:21:38
Start date:04/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff747a80000
File size:875'008 bytes
MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:189
Start time:18:21:38
Start date:04/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff79dcb0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

No disassembly