Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
nsis-installer.exe

Overview

General Information

Sample name:nsis-installer.exe
Analysis ID:1605827
MD5:85aea19a596f59d0dbf368f99be6a139
SHA1:9fd84c0780b6555cdeed499b30e5d67071998fbc
SHA256:7a95214e7077d7324c0e8dc7d20f2a4e625bc0ac7e14b1446e37c47dff7eeb5b
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Drops PE files
Enables debug privileges
Enables security privileges
Found dropped PE file which has not been started or loaded
Installs a raw input device (often for capturing keystrokes)
May check the online IP address of the machine
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Uses 32bit PE files

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • nsis-installer.exe (PID: 6928 cmdline: "C:\Users\user\Desktop\nsis-installer.exe" MD5: 85AEA19A596F59D0DBF368F99BE6A139)
    • cmd.exe (PID: 7004 cmdline: cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv | %SYSTEMROOT%\System32\find.exe "SerenityTherapyInstaller.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7064 cmdline: tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • find.exe (PID: 7072 cmdline: C:\Windows\System32\find.exe "SerenityTherapyInstaller.exe" MD5: 15B158BC998EEF74CFDD27C44978AEA0)
  • SerenityTherapyInstaller.exe (PID: 2276 cmdline: "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" MD5: D05989CE9BE7EA67632845FA837299C9)
  • SerenityTherapyInstaller.exe (PID: 7084 cmdline: "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" MD5: D05989CE9BE7EA67632845FA837299C9)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\nsis-installer.exe, ProcessId: 6928, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SerenityTherapyInstaller.lnk

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • AV Detection
  • Compliance
  • Spreading
  • Networking
  • Key, Mouse, Clipboard, Microphone and Screen Capturing
  • System Summary
  • Data Obfuscation
  • Persistence and Installation Behavior
  • Boot Survival
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Anti Debugging
  • HIPS / PFW / Operating System Protection Evasion
  • Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: nsis-installer.exeAvira: detected
Source: nsis-installer.exeVirustotal: Detection: 57%Perma Link
Source: nsis-installer.exeReversingLabs: Detection: 68%
Source: nsis-installer.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\nsis-installer.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cfbc383d-9aa0-5771-9485-7b806e8442d5Jump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\LICENSE.electron.txtJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\LICENSE.electron.txtJump to behavior
Source: nsis-installer.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb`)p) source: nsis-installer.exe, 00000000.00000003.1365987784.00000000051C3000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: nsis-installer.exe, 00000000.00000003.1418248244.0000000004C21000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: CLEANFILES="$CLEANFILES *.lib *.dll *.pdb *.exp" source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libEGL.dll.pdb source: nsis-installer.exe, 00000000.00000003.1258141945.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: nsis-installer.exe, 00000000.00000003.1359358933.00000000051C2000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1258141945.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: nsis-installer.exe, 00000000.00000003.1407331295.00000000051CF000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1325696794.00000000067E3000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: nsis-installer.exe, 00000000.00000003.1365987784.00000000051C3000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libEGL.dll.pdb source: nsis-installer.exe, 00000000.00000003.1258141945.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0. source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: nsis-installer.exe, 00000000.00000003.1313405353.0000000002F30000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1409576277.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1315052374.00000000053E0000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstallerJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: unknownDNS query: name: ipinfo.io
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: nsis-installer.exe, 00000000.00000003.1330191502.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: V8.MemoryHeapUsedV8.MemoryHeapCommittedmail.google.com.gmaildrive.google.com.docsplus.google.com.plus.inbox.calendarwww.youtube.com.youtube.top10sina.com.cnfacebook.combaidu.comtwitter.comtaobao.comwikipedia equals www.youtube.com (Youtube)
Source: nsis-installer.exe, 00000000.00000003.1330191502.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: ipinfo.io
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.css
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.jpg
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1085
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1452
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1452expandIntegerPowExpressionsThe
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1512
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1637
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1936
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2046
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2152
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2152skipVSConstantRegisterZeroIn
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2273
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2894
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2978
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3027
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3045
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3246
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3246allowClearForRobustResourceInitSome
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3682
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3682allowES3OnFL100Allow
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3729
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3997
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4214
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4267
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4646
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/482
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007disableDrawBuffersIndexedDisable
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5469
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5577
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658forceGlErrorCheckingForce
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750forceRobustResourceInitForce-enable
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041forceInitShaderVariablesForce-enable
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036dumpShaderSourceWrite
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279cacheCompiledShaderEnable
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7527
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724disableAnisotropicFilteringDisable
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760enableShaderSubstitutionCheck
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761Frontend
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.izs.me)
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.izs.me/)
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1094869
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/110263
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1144207
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1165751
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1165751disableProgramBinaryDisable
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1171371
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1181068
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1181193
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/308366
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/403957
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/550292
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/565179
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/642227
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/642605
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/644669
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/650547
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/672380
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/709351
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/797243
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/809422
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/830046
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/849576
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/883276
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/927470
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/941620
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/941620allowTranslateUniformBlockToStructuredBufferThere
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
Source: nsis-installer.exe, 00000000.00000003.1418248244.0000000004C21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://int3.de/
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://istanbul-js.org/
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://n8.io/)
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://re-becca.org)
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://re-becca.org/)
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007430000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://wpad/wpad.dat
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://wpad/wpad.dat..
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1368866421.00000000051CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1368866421.00000000051CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.futurealoof.com)
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.software-architect.net/blog/article/date/2015/06/12/-826c6e5052.html
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4674
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4849
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5140
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5536
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246enableCaptureLimitsSet
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7405
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons5.gvt3.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bit.ly/3rpDuEX.
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bit.ly/3rpDuEX.WebBundleURLLoaderFactory::OnResponseParsedInvalid
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlMixed
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=107106
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.android.clients.google.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.bigcache.googleapis.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.doc-0-0-sj.sj.googleusercontent.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.docs.google.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.drive.google.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.googlesyndication.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.pack.google.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.play.google.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.youtube.com/
Source: nsis-installer.exe, 00000000.00000003.1410515128.0000000004C21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=am&category=theme81https://myactivity.google.com/myactivity/?u
Source: nsis-installer.exe, 00000000.00000003.1411255161.0000000004C21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=ar&category=theme81https://myactivity.google.com/myactivity/?u
Source: nsis-installer.exe, 00000000.00000003.1418248244.0000000004C21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=ur&category=theme81https://myactivity.google.com/myactivity/?u
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromestatus.com/feature/5105856067141632.
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#clear
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#table
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1038223.
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1042393
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1046462
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1060012
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1091824
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1137851
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1154140
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1300575
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1356053
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1412729
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/593024
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/593024selectViewInGeometryShaderThe
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/619103.
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/619103.Subsequence
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/650547
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/650547callClearTwiceUsing
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/655534
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/655534useSystemMemoryForConstantBuffersCopying
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/705865
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/710443
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/811661
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/848952
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/927119
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/927119..
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/981419
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/v8/7848
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7231#section-6.4
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7238
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.chrome.com/blog/enabling-shared-array-buffer/
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.chrome.com/blog/immutable-document-domain/
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/PerformanceResourceTiming
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://elinux.org/RPI_vcgencmd_usage
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://elinux.org/RPi_HardwareHistory
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunk
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-flush
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fetch.spec.whatwg.org/
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fetch.spec.whatwg.org/#fetch-timing-info
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gcp.gvt2.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gcp.gvt6.com/
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Buzut)
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/TooTallNate/util-deprecate
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.border-boxcontent-bo
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WICG/scheduling-apis
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WICG/shared-element-transitions/blob/main/debugging_overflow_on_images.md.
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WICG/view-transitions/blob/main/debugging_overflow_on_images.md
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WebAssembly/esm-integration/issues/42
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/addaleax/eventemitter-asyncresource
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/supports-color
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chromium/chromium/blob/HEAD/third_party/blink/public/platform/web_crypto_algorith
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/csy1983)
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/glegrain)
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/heycam/webidl/pull/946.
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/unique-filename
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/unique-filename.git
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/wide-align
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/color-support.
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/minipass.git
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/node-tar.git
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/yallist.git
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/lapsio)
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/pump
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-fs
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-fs.git
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-stream
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-stream.git
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mikeal/tunnel-agent
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mysticatea/abort-controller
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/13581
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/34532
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35862
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/39758
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/32887
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/35941
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/38614)
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/43714
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/44952
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/46161
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-semver.git
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-tar/blob/51b6627a1f357d2eb433e7378e5f05e83b7aa6cd/lib/header.js#L349
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-tar/issues/183
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-tar/pull/187
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/wrappy
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/richy24)
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/sindresorhus
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.v8.produceCachev8.produceModuleCacheV8.ProduceCodeC
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/LdLk22
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/LdLk22MEDIA_ELEMENT_ERROR:
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/LdLk22Media
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/t5IS6M).
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/xX8pDD
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/xX8pDDplay()
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/ximf56
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/ximf56Iframe
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gle/chrome-insecure-origins
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-analytics.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://googlevideo.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gvt1.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gvt2.com/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gvt6.com/
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#Replaceable
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903emulatePixelLocalStorageEmulate
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007430000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jimmy.warting.se/opensource
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://no-color.org/
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/http.html#http_class_http_incomingmessage
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/en/docs/inspector
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/en/docs/inspectorFor
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/static/images/favicons/favicon.ico
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUr
Source: nsis-installer.exe, 00000000.00000003.1410515128.0000000004C21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.com
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://semver.org/
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com)
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourcemaps.info/spec.html
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: nsis-installer.exe, 00000000.00000003.1411255161.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1418248244.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1410515128.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1412661130.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1413801256.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1419058307.000000000074B000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1410060280.0000000000756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: nsis-installer.exe, 00000000.00000003.1411255161.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1410515128.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1412661130.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1413801256.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1410060280.0000000000756000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-timeclip
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#table-typeof-operator-results
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://testanything.org/tap-version-14-specification.html
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://testanything.org/tap-version-14-specification.html#subtests
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#url
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#url-serializing
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/resource-timing/#dfn-mark-resource-timing
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/resource-timing/#dfn-setup-the-resource-timing-entry
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/resource-timing/#dom-performance-setresourcetimingbuffersize
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webassembly.github.io/spec/web-api
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#es-dictionary
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.ubuntuusers.de/lsblk/
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/4664843055398912
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5738264052891648
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.4.0a.pdf
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.inetdaemon.com/tutorials/internet/ip/routing/default_route.shtml
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.raspberrypi.org/documentation/hardware/raspberrypi/revision-codes/README.md
Source: nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/.
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE memstr_511eb1ea-5
Source: C:\Users\user\Desktop\nsis-installer.exeProcess token adjusted: SecurityJump to behavior
Source: nsis-installer.exeStatic PE information: invalid certificate
Source: nsis-installer.exe, 00000000.00000003.1365987784.00000000051C3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dllb! vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dllb! vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.1407331295.00000000051CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevk_swiftshader.dll, vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.1418248244.0000000004C21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameElevate.exeH vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.1357573376.00000000051C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.1325696794.00000000067E3000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevk_swiftshader.dll, vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.1258141945.0000000006730000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibEGL.dllb! vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.1258141945.0000000006730000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs nsis-installer.exe
Source: nsis-installer.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal56.winEXE@10/101@1/0
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7012:120:WilError_03
Source: C:\Users\user\Desktop\nsis-installer.exeMutant created: \Sessions\1\BaseNamedObjects\cfbc383d-9aa0-5771-9485-7b806e8442d5
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsrA5F5.tmpJump to behavior
Source: nsis-installer.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SERENITYTHERAPYINSTALLER.EXE'
Source: C:\Users\user\Desktop\nsis-installer.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: nsis-installer.exe, 00000000.00000003.1330191502.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: nsis-installer.exe, 00000000.00000003.1330191502.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: nsis-installer.exe, 00000000.00000003.1330191502.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: nsis-installer.exe, 00000000.00000003.1330191502.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Selector or media text is not valid.Source range didn't match existing source rangeSource range didn't match existing style source rangeKeyframe key text is not valid.Style text is not valid.Selector or container query text is not valid.CQ Source range didn't match existing style source rangeSelector or supports rule text is not valid.Supports source range didn't match existing source rangeSelector or scope rule text is not valid.Scope source range didn't match existing source range' could not be added in style sheet.The rule '' could not be added in media rule.Cannot insert rule inside rule selector.Cannot insert rule in non-media rule.Source range must be collapsed.Rule text is not valid.Style is read-only.No style rule could be found in given range.No parent stylesheet could be found.Cannot remove rule from non-media rule./\*[^]*?\*/: none; }-webkit-boguz-propertee { -webkit-boguz-propertee : none; } }@keyframes boguzAnim { div {: none; } } { div { @media @container @scope -moz--o--ms-"' %
Source: nsis-installer.exe, 00000000.00000003.1330191502.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: nsis-installer.exe, 00000000.00000003.1330191502.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: nsis-installer.exeVirustotal: Detection: 57%
Source: nsis-installer.exeReversingLabs: Detection: 68%
Source: C:\Users\user\Desktop\nsis-installer.exeFile read: C:\Users\user\Desktop\nsis-installer.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\nsis-installer.exe "C:\Users\user\Desktop\nsis-installer.exe"
Source: C:\Users\user\Desktop\nsis-installer.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv | %SYSTEMROOT%\System32\find.exe "SerenityTherapyInstaller.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "SerenityTherapyInstaller.exe"
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe"
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe"
Source: C:\Users\user\Desktop\nsis-installer.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv | %SYSTEMROOT%\System32\find.exe "SerenityTherapyInstaller.exe"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "SerenityTherapyInstaller.exe"Jump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\find.exeSection loaded: ulib.dllJump to behavior
Source: C:\Windows\SysWOW64\find.exeSection loaded: fsutilext.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv
Source: C:\Users\user\Desktop\nsis-installer.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cfbc383d-9aa0-5771-9485-7b806e8442d5Jump to behavior
Source: nsis-installer.exeStatic file information: File size 78057262 > 1048576
Source: nsis-installer.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb`)p) source: nsis-installer.exe, 00000000.00000003.1365987784.00000000051C3000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: nsis-installer.exe, 00000000.00000003.1418248244.0000000004C21000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: CLEANFILES="$CLEANFILES *.lib *.dll *.pdb *.exp" source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libEGL.dll.pdb source: nsis-installer.exe, 00000000.00000003.1258141945.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: nsis-installer.exe, 00000000.00000003.1359358933.00000000051C2000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1258141945.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: nsis-installer.exe, 00000000.00000003.1407331295.00000000051CF000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1325696794.00000000067E3000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: nsis-installer.exe, 00000000.00000003.1365987784.00000000051C3000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libEGL.dll.pdb source: nsis-installer.exe, 00000000.00000003.1258141945.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0. source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: nsis-installer.exe, 00000000.00000003.1313405353.0000000002F30000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1409576277.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1315052374.00000000053E0000.00000004.00001000.00020000.00000000.sdmp
Source: d3dcompiler_47.dll.0.drStatic PE information: 0xBEBD7FD7 [Fri May 29 01:54:31 2071 UTC]
Source: libEGL.dll.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .00cfg
Source: SerenityTherapyInstaller.exe.0.drStatic PE information: section name: .00cfg
Source: SerenityTherapyInstaller.exe.0.drStatic PE information: section name: .rodata
Source: SerenityTherapyInstaller.exe.0.drStatic PE information: section name: CPADinfo
Source: SerenityTherapyInstaller.exe.0.drStatic PE information: section name: malloc_h
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll0.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll0.0.drStatic PE information: section name: .00cfg
Source: SerenityTherapyInstaller.exe0.0.drStatic PE information: section name: .00cfg
Source: SerenityTherapyInstaller.exe0.0.drStatic PE information: section name: .rodata
Source: SerenityTherapyInstaller.exe0.0.drStatic PE information: section name: CPADinfo
Source: SerenityTherapyInstaller.exe0.0.drStatic PE information: section name: malloc_h
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll0.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll0.0.drStatic PE information: section name: .00cfg
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\SerenityTherapyInstaller.exeJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\SpiderBanner.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\resources\elevate.exeJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\nsis7z.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\ffmpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\LICENSE.electron.txtJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\LICENSE.electron.txtJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SerenityTherapyInstaller.lnkJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\SpiderBanner.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\resources\elevate.exeJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\nsis7z.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809Jump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\nsis-installer.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstallerJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (lines.indexOf('VRTUAL') >= 0 || lines.indexOf('A M I ') >= 0 || lines.indexOf('VirtualBox') >= 0 || lines.indexOf('VMWare') >= 0 || lines.indexOf('Xen') >= 0 || lines.indexOf('Parallels') >= 0) {
Source: nsis-installer.exe, 00000000.00000003.1330191502.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Virtual Webcam
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: result.virtualHost = 'Hyper-V';
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: const stdout = execSync('dmesg 2>/dev/null | grep -iE "virtual|hypervisor" | grep -iE "vmware|qemu|kvm|xen" | grep -viE "Nested Virtualization|/virtual/"');
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (str.indexOf('tcg') >= 0) { result = 'QEMU'; }
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (lines.indexOf('VMware') >= 0 && !result.virtualHost) {
Source: nsis-installer.exe, 00000000.00000003.1330191502.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Virtual WebcamMedia.VideoCapture.BlacklistedDeviceGoogle Camera AdapterIP Camera [JPEG/MJPEG]CyberLink Webcam SplitterEpocCamWebcamMax..\..\media\capture\video\video_capture_metrics.ccDevice supports Media.VideoCapture.Device.SupportedPixelFormatMedia.VideoCapture.Device.SupportedResolution
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: case 'vmware':
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (stdout.toString().toLowerCase().indexOf('vmware') >= 0 && !result.virtualHost) {
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (model.startsWith('vmware')) { result.virtualHost = 'VMware'; }
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (manufacturer.startsWith('vmware') || manufacturer.startsWith('qemu') || manufacturer === 'xen' || manufacturer.startsWith('parallels')) {
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (str.indexOf('qemu') >= 0) { result = 'QEMU'; }
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (manufacturer.startsWith('qemu')) { result.virtualHost = 'KVM'; }
Source: nsis-installer.exe, 00000000.00000003.1258141945.0000000006730000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (manufacturer.startsWith('vmware')) { result.virtualHost = 'VMware'; }
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) || (IsAndroid() && IsMaliT8xxOrOlder(functions)) || (IsAndroid() && IsMaliG31OrOlder(functions))
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: result.virtualHost = 'VMware';
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (model === 'virtualbox' || model === 'kvm' || model === 'virtual machine' || model === 'bochs' || model.startsWith('vmware') || model.startsWith('qemu') || model.startsWith('parallels')) {
Source: nsis-installer.exe, 00000000.00000003.1419650488.000000000073D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Ou8-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ut
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (stdout.toString().toLowerCase().indexOf('qemu') >= 0 && !result.virtualHost) {
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (model.startsWith('qemu')) { result.virtualHost = 'KVM'; }
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (result.model.toLowerCase() === 'virtualbox' || result.model.toLowerCase() === 'kvm' || result.model.toLowerCase() === 'virtual machine' || result.model.toLowerCase() === 'bochs' || result.model.toLowerCase().startsWith('vmware') || result.model.toLowerCase().startsWith('droplet')) {
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (result.manufacturer.toLowerCase().startsWith('vmware') || result.manufacturer.toLowerCase() === 'xen') {
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: result.virtualHost = 'VMware';
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: result.virtualHost = 'QEMU';
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: result.virtualHost = 'VMware';
Source: nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: IIAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTest
Source: nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (str.indexOf('vmware') >= 0) { result = 'VMware'; }
Source: nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: case 'vmware':
Source: nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (disksById.indexOf('_QEMU_') >= 0) {
Source: nsis-installer.exe, 00000000.00000003.1258141945.0000000006730000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Screen Codec / VMware Video
Source: C:\Users\user\Desktop\nsis-installer.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\nsis-installer.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv | %SYSTEMROOT%\System32\find.exe "SerenityTherapyInstaller.exe"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "SerenityTherapyInstaller.exe"Jump to behavior
Source: nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ..\..\third_party\webrtc\modules\desktop_capture\win\window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_ProgmanWindowsDeleteStringWindowsCreateString
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\Users\user VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\ VolumeInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Windows Management Instrumentation		1
Windows Service		1
Windows Service		1
Masquerading		11
Input Capture		1
Security Software Discovery		Remote Services11
Input Capture		1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		12
Process Injection		1
Disable or Modify Tools		LSASS Memory3
Process Discovery		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
Registry Run Keys / Startup Folder		12
Process Injection		Security Account Manager1
System Network Configuration Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
DLL Side-Loading		1
Timestomp		NTDS2
File and Directory Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets23
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1605827 Sample: nsis-installer.exe Startdate: 03/02/2025 Architecture: WINDOWS Score: 56 31 ipinfo.io 2->31 33 Antivirus / Scanner detection for submitted sample 2->33 35 Multi AV Scanner detection for submitted file 2->35 8 nsis-installer.exe 12 195 2->8         started        11 SerenityTherapyInstaller.exe 1 2->11         started        13 SerenityTherapyInstaller.exe 1 2->13         started        signatures3 process4 file5 23 C:\Users\user\AppData\Local\...\nsis7z.dll, PE32 8->23 dropped 25 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 8->25 dropped 27 C:\Users\user\AppData\Local\...\System.dll, PE32 8->27 dropped 29 17 other files (none is malicious) 8->29 dropped 15 cmd.exe 1 8->15         started        process6 process7 17 conhost.exe 15->17         started        19 tasklist.exe 1 15->19         started        21 find.exe 1 15->21         started       

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
nsis-installer.exe58%VirustotalBrowse
nsis-installer.exe68%ReversingLabsWin32.Trojan.Malgent
nsis-installer.exe100%AviraTR/Scar.rdobz

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe0%ReversingLabs
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libEGL.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libGLESv2.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vk_swiftshader.dll0%ReversingLabs
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vulkan-1.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\SerenityTherapyInstaller.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\d3dcompiler_47.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\ffmpeg.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\libEGL.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\libGLESv2.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\resources\elevate.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\vk_swiftshader.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\vulkan-1.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\SpiderBanner.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\StdUtils.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\System.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\nsExec.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\nsis7z.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://elinux.org/RPI_vcgencmd_usage0%Avira URL Cloudsafe
http://www.software-architect.net/blog/article/date/2015/06/12/-826c6e5052.html0%Avira URL Cloudsafe
http://istanbul-js.org/0%Avira URL Cloudsafe

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
ipinfo.io
34.117.59.81
truefalse
    		high
    NameSourceMaliciousAntivirus DetectionReputation
    https://url.spec.whatwg.org/#concept-url-originnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
      		high
      https://tools.ietf.org/html/rfc6455#section-1.3nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
        		high
        https://www.ecma-international.org/ecma-262/8.0/#sec-atomescapensis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
          		high
          https://support.google.com/chrome/answer/6098869nsis-installer.exe, 00000000.00000003.1411255161.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1410515128.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1412661130.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1413801256.0000000004C21000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1410060280.0000000000756000.00000004.00000020.00020000.00000000.sdmpfalse
            		high
            http://anglebug.com/4633nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
              		high
              https://anglebug.com/7382nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                		high
                https://www.ecma-international.org/ecma-262/8.0/#prod-Atomnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                  		high
                  https://github.com/nodejs/node/pull/35941nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                    		high
                    https://console.spec.whatwg.org/#tablensis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                      		high
                      https://docs.google.com/nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpfalse
                        		high
                        https://crbug.com/1356053nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                          		high
                          https://elinux.org/RPI_vcgencmd_usagensis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1248722323.0000000006730000.00000004.00001000.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://encoding.spec.whatwg.org/#textencodernsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                            		high
                            https://github.com/tc39/proposal-weakrefsnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                              		high
                              https://goo.gl/t5IS6M).nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                		high
                                http://crbug.com/110263nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                  		high
                                  https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertionnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                    		high
                                    https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.jsnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                      		high
                                      https://tc39.github.io/ecma262/#sec-%iteratorprototype%-objectnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                        		high
                                        https://url.spec.whatwg.org/#concept-urlencoded-serializernsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                          		high
                                          http://anglebug.com/6929nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                            		high
                                            https://semver.org/nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://nodejs.org/api/fs.htmlnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                https://anglebug.com/7246nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://anglebug.com/7369nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://anglebug.com/7489nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://bit.ly/3rpDuEX.nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://crbug.com/593024nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.midnight-commander.org/browser/lib/tty/key.cnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://nodejs.org/nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://tools.ietf.org/html/rfc7540#section-8.1.2.5nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digitsnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscapensis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://c.docs.google.com/nsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetternsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://tc39.es/ecma262/#sec-timeclipnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://issuetracker.google.com/161903006nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://crbug.com/1300575nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://github.com/nodejs/node/pull/33661nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://crbug.com/710443nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://istanbul-js.org/nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://github.com/WICG/scheduling-apisnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://crbug.com/1060012nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://code.google.com/p/chromium/issues/detail?id=25916nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://anglebug.com/3997nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://anglebug.com/4722nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://crbug.com/642605nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://fetch.spec.whatwg.org/#fetch-timing-infonsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://anglebug.com/1452nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://webassembly.github.io/spec/web-apinsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://github.com/nodejs/node/pull/12607nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://www.ecma-international.org/ecma-262/#sec-line-terminatorsnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txtnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://crbug.com/650547callClearTwiceUsingnsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://github.com/npm/node-tar/issues/183nsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://html4/loose.dtdnsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://anglebug.com/3502nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://anglebug.com/3623nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://anglebug.com/3625nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://anglebug.com/3624nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://beacons.gcp.gvt2.com/domainreliability/uploadnsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://anglebug.com/2894nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://anglebug.com/3862nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://anglebug.com/4836nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://issuetracker.google.com/issues/166475273nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtomnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://heycam.github.io/webidl/#es-iterable-entriesnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://heycam.github.io/webidl/#es-interfacesnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaquensis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://github.com/nodejs/node/issuesnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigitsnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunknsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://tc39.github.io/ecma262/#sec-object.prototype.tostringnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://url.spec.whatwg.org/#urlsearchparamsnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://anglebug.com/3970nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://heycam.github.io/webidl/#Replaceablensis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://github.com/nodejs/node/pull/30380#issuecomment-552948364nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setintervalnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://heycam.github.io/webidl/#dfn-class-stringnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://heycam.github.io/webidl/#dfn-iterator-prototype-objectnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://.jpgnsis-installer.exe, 00000000.00000003.1342549942.00000000076CF000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://datatracker.ietf.org/doc/html/rfc7238nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://github.com/nodejs/node/pull/38614)nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUrnsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://anglebug.com/5901nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://github.com/nodejs/node/issues/10673nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://www.software-architect.net/blog/article/date/2015/06/12/-826c6e5052.htmlnsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.1251236047.0000000006B30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  https://nodejs.org/en/docs/inspectorFornsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://xhr.spec.whatwg.org/.nsis-installer.exe, 00000000.00000003.1342549942.0000000007577000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://anglebug.com/3965nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://anglebug.com/7161nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://github.com/nodejs/node/pull/32887nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://anglebug.com/7162nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://anglebug.com/3729nsis-installer.exe, 00000000.00000003.1265869258.0000000005CE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-objectnsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://github.com/nodejs/node/issues/19009nsis-installer.exe, 00000000.00000003.1336627311.0000000006F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://sindresorhus.comnsis-installer.exe, 00000000.00000003.1416196836.00000000051CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high

                                                                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                                                                      No contacted IP infos

                                                                                                                                                                                                      General Information

                                                                                                                                                                                                      Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                      Analysis ID:1605827
                                                                                                                                                                                                      Start date and time:2025-02-03 19:02:22 +01:00
                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                      Overall analysis duration:0h 7m 40s
                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                      Number of analysed new started processes analysed:18
                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                      Sample name:nsis-installer.exe
                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                      Classification:mal56.winEXE@10/101@1/0
                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 184.28.90.27, 4.245.163.56
                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtQueryVolumeInformationFile calls found.

                                                                                                                                                                                                      Simulations

                                                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                                                      TimeTypeDescription
                                                                                                                                                                                                      13:03:04API Interceptor13x Sleep call for process: nsis-installer.exe modified

                                                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                                                      IPs

                                                                                                                                                                                                      No context

                                                                                                                                                                                                      Domains

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      ipinfo.iohttps://form-fe.case-update324.me/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 34.117.59.81
                                                                                                                                                                                                      r4on95CC7X.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                      • 34.117.59.81
                                                                                                                                                                                                      https://bellsales.github.io/loginGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                      • 34.117.59.81
                                                                                                                                                                                                      https://rechazartransferenciabdb.glitch.me/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 34.117.59.81
                                                                                                                                                                                                      https://ipfs.io/ipfs/bafybeif3aex43feh7oyqom2mwas2mvmwyueanoiqi36qa6ttl3fvrj2s3u/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 34.117.59.81
                                                                                                                                                                                                      ZArjBxb2CO.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                      • 34.117.59.81
                                                                                                                                                                                                      https://ipfs.io/ipfs/bafybeid6tjglb257r22luzrxejc72ougo4co3wky3g5aiy3b4nmq2kmedi?login=milano@iesweb.netGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 34.117.59.81
                                                                                                                                                                                                      tFBWUkRJuZ.exeGet hashmaliciousDCRat, ReverseShellBrowse
                                                                                                                                                                                                      • 34.117.59.81
                                                                                                                                                                                                      hRZlqbIrp0.exeGet hashmaliciousDCRat, PureLog Stealer, ReverseShell, zgRATBrowse
                                                                                                                                                                                                      • 34.117.59.81
                                                                                                                                                                                                      https://retrothreadsa.xyz/Get hashmaliciousPayPal PhisherBrowse
                                                                                                                                                                                                      • 34.117.59.81

                                                                                                                                                                                                      ASNs

                                                                                                                                                                                                      No context

                                                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                                                      No context

                                                                                                                                                                                                      Dropped Files

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dllAirtame-4.11.0-setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        SecuriteInfo.com.Win32.Trojan-Downloader.Generic.XVN7C1.21480.14818.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          SecuriteInfo.com.Win32.Trojan-Downloader.Generic.XVN7C1.21480.14818.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            HDKuOe.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              HDKuOe.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
                                                                                                                                                                                                                  file.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Poverty Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                                        5GOuTtZoQn.exeGet hashmaliciousLummaC, Poverty Stealer, SmokeLoaderBrowse

                                                                                                                                                                                                                          Created / dropped Files

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\LICENSE.electron.txt

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1096
                                                                                                                                                                                                                          Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                          MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                          SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                          SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                          SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                                          Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\LICENSES.chromium.html

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:HTML document, ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):8312662
                                                                                                                                                                                                                          Entropy (8bit):4.705814170451806
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
                                                                                                                                                                                                                          MD5:312446EDF757F7E92AAD311F625CEF2A
                                                                                                                                                                                                                          SHA1:91102D30D5ABCFA7B6EC732E3682FB9C77279BA3
                                                                                                                                                                                                                          SHA-256:C2656201AC86438D062673771E33E44D6D5E97670C3160E0DE1CB0BD5FBBAE9B
                                                                                                                                                                                                                          SHA-512:DCE01F2448A49A0E6F08BBDE6570F76A87DCC81179BB51D5E2642AD033EE81AE3996800363826A65485AB79085572BBACE51409AE7102ED1A12DF65018676333
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):138321408
                                                                                                                                                                                                                          Entropy (8bit):6.983404833838794
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1572864:m4sMLl/BkZTVV2iplzf+ekzrMdTOG0AfhgojwlwVgmPQtn06H9rejAEdCoIZXCVb:/l/BkVVPBDgmPKa5Wnu3X7
                                                                                                                                                                                                                          MD5:D05989CE9BE7EA67632845FA837299C9
                                                                                                                                                                                                                          SHA1:359843B36A73C0D1D513B8684A2F83AF34CE96A2
                                                                                                                                                                                                                          SHA-256:DF4030369CA29744F74BC4932A4FFD0537D41796C9D913623DE0D6214EC39D91
                                                                                                                                                                                                                          SHA-512:BEF82D9FB46849489FB87E8C5DBDE7A86DDDF2A1DCE39E752A30992258C7E01C990384D918BE99B4F51B285E77CA6ADC820948CAB6BBD12140B4F806578C5817
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."......"...h.......L|...........@.......................... w...........@.............................$.......h.....5.......................7..?..........................+......XO..............d...8...D........................text...B!.......".................. ..`.rdata..DWK..@...XK..&..............@..@.data.....=..........~..............@....00cfg........5......j..............@..@.rodata.`.....5......l.............. ..`.tls..........5......v..............@...CPADinfo(.....5......x..............@...malloc_hL.....5......z.............. ..`.rsrc.........5.....................@..@.reloc...?...7...?.................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\chrome_100_percent.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):127125
                                                                                                                                                                                                                          Entropy (8bit):7.915612661029362
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:vlKzwqCT4wDNzIwL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:vlKzwt4uEgK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                                                                          MD5:ACD0FA0A90B43CD1C87A55A991B4FAC3
                                                                                                                                                                                                                          SHA1:17B84E8D24DA12501105B87452F86BFA5F9B1B3C
                                                                                                                                                                                                                          SHA-256:CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
                                                                                                                                                                                                                          SHA-512:3E4C4F31C6C7950D5B886F6A8768077331A8F880D70B905CF7F35F74BE204C63200FF4A88FA236ABCCC72EC0FC102C14F50DD277A30F814F35ADFE5A7AE3B774
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..............t...#.....:.I...J~p...K~6...L~....M~#...N~....O~`...P~m...Q~....R~....S~I...T~....U~'"..V~.,..^~.7.._~;9..b~v:..c~(<..j~.<..k~.B..l~fH..m~.J..n~.K..o~.L.....M.....N....aP....IS....BV....uY.....]....Pa.....d....h....i...hk....l....m...An....n.....................................K.....x...........4.....m.....D.............................1........................'.....*.....4.....>.....C.....D....hM.....U.....V....>X.....Z....E].....]....a...%c....d....f....h....i....k....l....o...wq....t...7v....y....}....~...m................................3.................g.....6............................k.....-...........3.....9......................H.......................Y.................{.....s....M..............F...................&....y..............\....p....Z.........Z.........g...........................T..................6...............M.................r...........1.................X.................u.......

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\chrome_200_percent.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):177406
                                                                                                                                                                                                                          Entropy (8bit):7.939611912805236
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:4DQYaEQN6AJPKNzIwafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/rIM0:4DQYaNN68QEVgx5GMRejnbdZnVE6YopY
                                                                                                                                                                                                                          MD5:4610337E3332B7E65B73A6EA738B47DF
                                                                                                                                                                                                                          SHA1:8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B
                                                                                                                                                                                                                          SHA-256:C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
                                                                                                                                                                                                                          SHA-512:039B50284D28DCD447E0A486A099FA99914D29B543093CCCDA77BBEFDD61F7B7F05BB84B2708AE128C5F2D0C0AB19046D08796D1B5A1CFF395A0689AB25CCB51
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..............t...#.....:.t...J~....K~....L~....M~....N~....O~....P~.%..Q~.*..R~.-..S~c5..T~.9..U~.A..V~.V..^~Ck.._~.m..b~)o..c~yr..j~#s..k~.}..l~....m~...n~...o~......................................K.....!..................Q..............*........................a.......................,%....H0.....2....E:....(A.....F.....L.....R.....T....QY....:].....f.....i....br....Sv..........C...........).................].....}................................................................................................. ....!....%.....*.....,..........O/...../....y1.....2....l4.....6.....7....A:.....?.....C.....K.....S.....Y....._.....e....Ok.....l.....m.....n.....o.....q.....r.....s.....u....:w..............P............................%.............7................,........G........u.............B........S.........a....%........;.....................l...........T..........R...........6..........).............

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4127200
                                                                                                                                                                                                                          Entropy (8bit):6.577665867424953
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:OS7PQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeAD36FqxLfeIgSNwLTzHiU2Ir:O4PhqqFVUsLQl6FqVCLTzHxJIMd
                                                                                                                                                                                                                          MD5:3B4647BCB9FEB591C2C05D1A606ED988
                                                                                                                                                                                                                          SHA1:B42C59F96FB069FD49009DFD94550A7764E6C97C
                                                                                                                                                                                                                          SHA-256:35773C397036B368C1E75D4E0D62C36D98139EBE74E42C1FF7BE71C6B5A19FD7
                                                                                                                                                                                                                          SHA-512:00CD443B36F53985212AC43B44F56C18BF70E25119BBF9C59D05E2358FF45254B957F1EC63FC70FB57B1726FD8F76CCFAD8103C67454B817A4F183F9122E3F50
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                          • Filename: Airtame-4.11.0-setup.msi, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Win32.Trojan-Downloader.Generic.XVN7C1.21480.14818.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Win32.Trojan-Downloader.Generic.XVN7C1.21480.14818.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: HDKuOe.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: HDKuOe.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: 5GOuTtZoQn.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!7P.OdP.OdP.Od..NeR.OdP.Nd..OdY..dU.Od.Jem.Od.KeQ.Od...dQ.Od..Leo.Od..Je..Od..OeQ.Od..Ge..Od..Kec.Od...dQ.Od..MeQ.OdRichP.Od................PE..L..................!.....2<..*...............P<...............................?.......?...@A.........................<<.u.....=.P.....=.@.............>..%....=.........T....................u..........@.............=..............................text...e0<......2<................. ..`.data...`"...P<......6<.............@....idata........=.......<.............@..@.rsrc...@.....=.......<.............@..@.reloc........=.......<.............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):2577408
                                                                                                                                                                                                                          Entropy (8bit):6.874677747990032
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:YKM7YWN1tYNFKtJPP5f+8xH6UahvIxi9xrBYHZU7ewdCUQFdqQi9muA:YKM7YWNT2Kt9QoaUalEi9xqZ29dA
                                                                                                                                                                                                                          MD5:1BB0E1140EF08440AD47D80B70DBF742
                                                                                                                                                                                                                          SHA1:C2E4243BAD76B465B5AB39865AC023DB1632D6B0
                                                                                                                                                                                                                          SHA-256:C0D9EDDE3864D9450744F4BC526A98608B629AEED01C6647F600802E1B1CF671
                                                                                                                                                                                                                          SHA-512:29D71E3BD7DF7014A03E26CA6EE5B59FF6E3D06096742FAE5DEC6282ABD1F0D2F24C886A503E3A691D38CC68E0DA504A7F657DCEC4758B640A1A523D3EEAA57A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!................p........................................@=...........@A.........................+&......1&.(............................`<.(...l.%.......................%.....@...............l3&..............................text...7........................... ..`.rdata..T...........................@..@.data........p&......X&.............@....00cfg.......@<......t&.............@..@.tls.........P<......v&.............@....reloc..(....`<......x&.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\icudtl.dat

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):10542048
                                                                                                                                                                                                                          Entropy (8bit):6.277141340322909
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:98304:OKPBQYOo+ddlymOk25flQCUliXUxiG9Ha93Whla6ZGdnp/8k:OKPBhORjOhCliXUxiG9Ha93Whla6ZGrn
                                                                                                                                                                                                                          MD5:D89CE8C00659D8E5D408C696EE087CE3
                                                                                                                                                                                                                          SHA1:49FC8109960BE3BB32C06C3D1256CB66DDED19A8
                                                                                                                                                                                                                          SHA-256:9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
                                                                                                                                                                                                                          SHA-512:DB097CE3EB9E132D0444DF79B167A7DCB2DF31EFFBBD3DF72DA3D24AE2230CC5213C6DF5E575985A9918FBD0A6576E335B6EBC12B6258BC93FA205399DE64C37
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .Q....B.......B...#...B.. $...B..p$...B...$...B...%...B..`P...C...P...C...Q..(C......<C.....OC......bC..@...uC.......C..P....C.......C.......C..p....C.. ....C.......C.......D..p... D.....3D..0...FD.....YD.....lD.......D......D..0....D.......D..p....D......D..@....D.......E......E..@...*E.....=E..P...NE......bE.....rE..@....E.......E.......E..P....E.......E......E..@....F.......F.....'F..0...7F..P...JF......aF......qF...G...F.. H...F..`K...F...K...F...L...F...-...F...c...G....'.'G....'.>G..@.'.UG..0.'.oG....'..G...!'..G...!'..G..P&'..G...)'..G..@*'..H..`.(..H...e).7H..0.).VH...)*.xH....*..H....*..H...P+..H...Y+..H...Z+..I...]+. I..`^+.9I.. .+.UI....+.lI....+..I..P.-..I...=...I.......I.......I.. ....J..p....J......-J..p...EJ......ZJ......rJ..`....J..@....J.......J.......J..0....J.......J.......J..0....K..@....K..../.2K...,/.GK..../.\K..

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libEGL.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):380416
                                                                                                                                                                                                                          Entropy (8bit):6.587105864412105
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:6FVfk760MmXXwvT3WpVgvpqwm9SPECshBZeD6EHh:267rjnpVgvpqwm93rIW
                                                                                                                                                                                                                          MD5:E0A5D1A5D55DFFB55513ACB736CEF1C1
                                                                                                                                                                                                                          SHA1:307FC023790AF5BF3D45678DE985E8E9F34896F7
                                                                                                                                                                                                                          SHA-256:AA5DA4005C76CFE5195B69282B2AD249D7DC2300BBC979592BD67315FC30C669
                                                                                                                                                                                                                          SHA-512:094E23869FD42C60F83E0F4D1A2CD1A29D2EFD805AC02A01CE9700B8E7B0E39E52FE86503264A0298C85F0D02B38620F1E773F2EA981F3049AEBA3104B04253F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!.....h...b...............................................@............@A........................0;......FI..(.......x.......................P@..@........................-.......................J..`............................text....f.......h.................. ..`.rdata...............l..............@..@.data...d3...........f..............@....00cfg..............................@..@.tls................................@....rsrc...x...........................@..@.reloc..P@.......B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libGLESv2.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):6685696
                                                                                                                                                                                                                          Entropy (8bit):6.815311523896318
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:98304:ZHYQkvdLN+UNQR14/hr5njmwSNDBVO0Bz7arD+0t1t0zA5Lgs2+A1tCw:itvwq/hr5jmwSVBJBz7arQA+sq1tC
                                                                                                                                                                                                                          MD5:44F7C21B6010048E0DCDC43D83EBD357
                                                                                                                                                                                                                          SHA1:D0A4DFD8DBAE1A8421C3043315D78ECD84502B16
                                                                                                                                                                                                                          SHA-256:F6259A9B9C284EE5916447DD9D0BA051C2908C9D3662D42D8BBE6CE6D65A37DE
                                                                                                                                                                                                                          SHA-512:7E03538DD8E798D0E808A8FC6E149E83DE9F8404E839900F6C9535DA6AAC8EF4D5C31044E547DDE34DCECE1255FAB9A9255FA069A99FCB08E49785D812B3887C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!......M.........`<C.......................................f...........@A..........................^.....r._.d.....b.......................b.t...,0^....................../^.....P.N..............._.8....^.@....................text...J.M.......M................. ..`.rdata..<.....N.......M.............@..@.data...<....._..(...._.............@....00cfg.......pb.......a.............@..@.tls..........b.......a.............@....rsrc.........b.......a.............@..@.reloc..t.....b.......a.............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\locales\af.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):377708
                                                                                                                                                                                                                          Entropy (8bit):5.4079285675542845
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd
                                                                                                                                                                                                                          MD5:7E51349EDC7E6AED122BFA00970FAB80
                                                                                                                                                                                                                          SHA1:EB6DF68501ECCE2090E1AF5837B5F15AC3A775EB
                                                                                                                                                                                                                          SHA-256:F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
                                                                                                                                                                                                                          SHA-512:69DA19053EB95EEF7AB2A2D3F52CA765777BDF976E5862E8CEBBAA1D1CE84A7743F50695A3E82A296B2F610475ABB256844B6B9EB7A23A60B4A9FC4EAE40346D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........E...h.....i.....j.....k.....l.....n."...o.'...p.4...r.:...s.K...t.T...v.i...w.v...y.|...z.....|.....}.....................................................................................-.....>.....E.....N.....g.....p.....{...................................................../.....?.....K.....X.....y...........................................................<.....R.....W.....].....l.....y.....}.....................................................+.....9.....A.....I.....P.....U.....c.....s...............................................%.....J.....d.....m.....y...........................................................+.....2.....5.....6.....B.....L.....V.....].....g.............................O.....^.....k.................................................................".....5.....Q.....z....................................... .....".....%.....(.$...*.D...+.G...,.e........./.....0.....1.....3.....4.....5.....6.D...7.U...8.j...9.y...<.....=.....>.....?.....@.....A.....C.$...D.+.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\locales\am.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):613642
                                                                                                                                                                                                                          Entropy (8bit):4.894733266944232
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:b3pIuPzq8xSTwO8sgjZz5E9VJAVtnuviQix30jH8+I:b3plq8xLO8zjZz5E9VJAVtSiQO
                                                                                                                                                                                                                          MD5:2009647C3E7AED2C4C6577EE4C546E19
                                                                                                                                                                                                                          SHA1:E2BBACF95EC3695DAAE34835A8095F19A782CBCF
                                                                                                                                                                                                                          SHA-256:6D61E5189438F3728F082AD6F694060D7EE8E571DF71240DFD5B77045A62954E
                                                                                                                                                                                                                          SHA-512:996474D73191F2D550C516ED7526C9E2828E2853FCFBE87CA69D8B1242EB0DEDF04030BBCA3E93236BBD967D39DE7F9477C73753AF263816FAF7D4371F363BA3
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........W...h.....i.....j.'...k.6...l.A...n.I...o.N...p.[...r.a...s.r...t.{...v.....w.....y.....z.....|.....}.........................................................................7.....S.....i.........................................L.....k.....m.....q...................................1.....A.....`.............................".....4.....=.....\.....~...................................5.....Q.....W.....Z.....i.............................K.....z.....................................................8.....G.....`.............................".........................................>.....A.....s.............................@.....G.....J.....K.....W.....`.....|.......................<............................./.....g.....w...............................................3.......................E.....j.....p.....x..................... .....".....%.6...(.c...*.....+.....,.........../.....0.....1.]...3.y...4.....5.....6.K...7.s...8.....9.....;.....<.....=.....>.?...?.I...@.i...A.....C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\locales\ar.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):671738
                                                                                                                                                                                                                          Entropy (8bit):4.903433286644294
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:gjptqBycpX8vYULIrmhkH+P5NNb++YTzgpPMgSENeX:BB2um5S++
                                                                                                                                                                                                                          MD5:47A6D10B4112509852D4794229C0A03B
                                                                                                                                                                                                                          SHA1:2FB49A0B07FBDF8D4CE51A7B5A7F711F47A34951
                                                                                                                                                                                                                          SHA-256:857FE3AB766B60A8D82B7B6043137E3A7D9F5CFB8DDD942316452838C67D0495
                                                                                                                                                                                                                          SHA-512:5F5B280261195B8894EFAE9DF2BECE41C6C6A72199D65BA633C30D50A579F95FA04916A30DB77831F517B22449196D364D6F70D10D6C5B435814184B3BCF1667
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........*...h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.!...v.6...w.C...y.I...z.X...|.^...}.p.....x.....}.................................................................'.....^.....n...................................'.....*...........V.....x.........................................G.....].....p...............................................o...................................................../.....Q.....s.......................(....._.....i.....q.....x.............................#.....:.....m.......................).....Z.....k.........................................$.....?.....U.....k...........................................................p.................7.....L.....h.......................!.....1.....9.....E.....g.......................&.....Z............................................. .'...".D...%.x...(.....*.....+.....,.6.....M.../.~...0.....1.....3.....4.....5.,...6.....7.....8.....9.....;.....<.:...=.P...>.....?.....@.....A.....C.....D.....E.!...F._.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\locales\bg.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):701716
                                                                                                                                                                                                                          Entropy (8bit):4.66095894344634
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:7Od6KqVw2iILlY+dAs1aQUfjoaVV4FH2mFxvx35uKN3CuKb7szmV2Jfu64K+z5jG:KsKqJi6lY+dAs1aQU7yZx35uK4XQzQI9
                                                                                                                                                                                                                          MD5:A19269683A6347E07C55325B9ECC03A4
                                                                                                                                                                                                                          SHA1:D42989DAF1C11FCFFF0978A4FB18F55EC71630EC
                                                                                                                                                                                                                          SHA-256:AD65351A240205E881EF5C4CF30AD1BC6B6E04414343583597086B62D48D8A24
                                                                                                                                                                                                                          SHA-512:1660E487DF3F3F4EC1CEA81C73DCA0AB86AAF121252FBD54C7AC091A43D60E1AFD08535B082EFD7387C12616672E78AA52DDDFCA01F833ABEF244284482F2C76
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........P...h.....i.....j.....k.%...l.0...n.8...o.=...p.J...r.P...s.a...t.j...v.....w.....y.....z.....|.....}.........................................................................F.....h...............................................[.........................................#.....Q.....x...................................[.........................................T...............................................'.....U......................./.....c...............................................>.....s.............................4.....^................. .....9.....V.....l...................................\...............................................&.....B.....S.....v...............................................O.....r...................................0.......................9.....z.......................-.....[............... .....".....%.....(.E...*.q...+.t...,.........../.....0.....1.....3.....4.....5.....6.....7.....8.....9.....;.3...<.G...=._...>.....?.....@.....A.....C.F.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\locales\bn.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):904943
                                                                                                                                                                                                                          Entropy (8bit):4.273773274227575
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:wqf22AwWk+ADszaaH0PaMadiMNKVbVtQW01jilDouMGsW2uMBVr+9RU4yVS5PMxq:1zW/AMfafVoCp8YbkJBbdJ2DB5y0XlRB
                                                                                                                                                                                                                          MD5:5CDD07FA357C846771058C2DB67EB13B
                                                                                                                                                                                                                          SHA1:DEB87FC5C13DA03BE86F67526C44F144CC65F6F6
                                                                                                                                                                                                                          SHA-256:01C830B0007B8CE6ACA46E26D812947C3DF818927B826F7D8C5FFD0008A32384
                                                                                                                                                                                                                          SHA-512:2AC29A3AA3278BD9A8FE1BA28E87941F719B14FBF8B52E0B7DC9D66603C9C147B9496BF7BE4D9E3AA0231C024694EF102DCC094C80C42BE5D68D3894C488098C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........K...h.....i.....j.....k.$...l./...n.7...o.=...p.J...r.P...s.a...t.j...v.....w.....y.....z.....|.....}.............................................................................................................7.....a.......................".....$.....(.....P.......................+.....T.....p.......................H...................................M.....c...........5.....D....._.........................................A.....z.................B.......................................................................H.....a.....s.........................................B.....g.............................3.....W.....{...............................................>...........j...................................6.....R.........................................g...........9.....u...........V...................................8... .M...".....%.....(. ...*.\...,._........./.....0.....1.`...3.....4.....5.....6.....7.....8.E...9.d...;.....<.....=.....>."...?.5...@.j...A.....C.3...D.S.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\locales\ca.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):426906
                                                                                                                                                                                                                          Entropy (8bit):5.400864409916039
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:+XnGrijIs3cSlFEYLCJBB43nbhjJSwmrwiwWzM1ldLbpuQ16BtryBBwIle3nei3X:iNV4ossMNu51hnW5CptA
                                                                                                                                                                                                                          MD5:D259469E94F2ADF54380195555154518
                                                                                                                                                                                                                          SHA1:D69060BBE8E765CA4DC1F7D7C04C3C53C44B8AB5
                                                                                                                                                                                                                          SHA-256:F98B7442BEFC285398A5DD6A96740CBA31D2F5AADADD4D5551A05712D693029B
                                                                                                                                                                                                                          SHA-512:D0BD0201ACF4F7DAA84E89AA484A3DEC7B6A942C3115486716593213BE548657AD702EF2BC1D3D95A4A56B0F6E7C33D5375F41D6A863E4CE528F2BD6A318240E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........N...h.....i.....j.....k.!...l.,...n.4...o.9...p.F...r.L...s.]...t.f...v.{...w.....y.....z.....|.....}...............................................................................6.....O.....o.....|.....................................................2.....J.....j.....q...........................................................1.....;.....M.....].......................................................................D.....i.................................................................+.....2.....?.....u.........................................".....5.....F.....b.....e.....}.............................................................................&.....h......................./.....P.....s.....................................................4.....P.....|...............................................:.....F... .Q...".g...%.....(.....*.....+.....,.........../.-...0.2...1.h...3.x...4.....5.....6.....7.....8.....9.(...;.6...<.D...=.R...>.l...?.v...@.....A.....C.....D.....E...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\resources.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):5245458
                                                                                                                                                                                                                          Entropy (8bit):7.995476669559971
                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                          SSDEEP:98304:HLYxfQVcnNWz49PDq2AwpmqdhBh1Dd42cjrwrbHw4o0DPelwG3RC:H0pQGcMButuBhpd4jkrU4oeelrRC
                                                                                                                                                                                                                          MD5:7D5065ECBA284ED704040FCA1C821922
                                                                                                                                                                                                                          SHA1:095FCC890154A52AD1998B4B1E318F99B3E5D6B8
                                                                                                                                                                                                                          SHA-256:A10C3D236246E001CB9D434A65FC3E8AA7ACDDDDD9608008DB5C5C73DEE0BA1F
                                                                                                                                                                                                                          SHA-512:521B2266E3257ADAA775014F77B0D512FF91B087C2572359D68FFE633B57A423227E3D5AF8EE4494538F1D09AA45FFA1FE8E979814178512C37F7088DDD7995D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:............f.......P'....$*.....-...43@...4.H...4XK...4i]...4.f...4.m...4?p...4.v...4.x...4.z...4.~...4....4.....4?....4.....4....4.....4=....4z....4a....4....4....4.....4.....4.....43....4.....4.....4J....4J....4.....4.....4#....4j....4J....5.....5....v5.:..w5.;..x5.<..y5.>..z5a?...5.?...5.D...5.E...5dJ...5.O...5.V...5.f...5.w...5.x...5.|..n<&...x<....y<....z<....{<....|<....<+....<r....<8....</....<....V@....W@....X@x...Y@d...Z@....[@2...\@O...]@....^@...._@hh..`@....<A....=A.....P.~...Pe....PX....P.....P.....Pt....P.....P3....Q.....QF....Q.....Q.....Q.....Q[....QA....Q.....Q.....QW....Q.....Qv....Q9!...Q.'...QF....Q.1..,Q.F..-QsL...QLN../Q.P..0Q.U..1Q.i..2Q.j..3Q.k..4QEm..5Q.o..6Q.r..7Q~t..8QEw..9Q!x..:Q.z..;Ql...<Q)...=Q....>Q ...?Q"....R....Ry....}.....}. ...}._...}%a...}[h...}.h...}[j...}Lo...}....}.&...}.....}.6...}4;...}.=...}&B...}mG...~.O...~.d...~.q...~.t...~.|...~.}..!~...."~....#~...$~|...&~....'~A...(~....)~....*~t$..+~.4..,~.6..-~V8...~.;../~i<..0~|=..1~iA..2~.H

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\snapshot_blob.bin

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):220112
                                                                                                                                                                                                                          Entropy (8bit):3.855980291560132
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:PCwB4XM5LZsfo0p7SnaCCz3wqTYLmN6hdSajAvDGc/dH4WBlkwHvwi0UQn1nWIa3:KwNsf5PBt
                                                                                                                                                                                                                          MD5:916127734BC7C5B0DB478191A37FC19A
                                                                                                                                                                                                                          SHA1:F9D868C2578F14513FCB95E109AEC795C98DBBA3
                                                                                                                                                                                                                          SHA-256:E19ED7FB96E19BB5BFE791DF03561D654EA5D52021C3403A2652F439A8D77801
                                                                                                                                                                                                                          SHA-512:D291B26568572D5777B036577DDF30C1B6C6C41E9D53EF2D8AF735DB001EA5C568371F3907FBFFC02FEEE628F0F29AFB718AE5DEB32FF245A37947A7B1B9C297
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..........j)11.2.214.9-electron.0...........................................D......L...........`....`....`....`b...`....`..........Y.D......`$.........D......`$.......D......`$.......m.D......`$.........D......`D.........D......`$.......1.D......`$.......D......`$.......D......`$.........D......`$.......D......`$......ID......`$.......D......`$.......D......`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\v8_context_snapshot.bin

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):523336
                                                                                                                                                                                                                          Entropy (8bit):5.1733870178138
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:51ZU4IFZ/X+KBIViMMg8zYOK8B4UnK83ItBaUHK:nZaZ/OiY2BnrUAF
                                                                                                                                                                                                                          MD5:4F4D00247758C684C295243DDEDD2948
                                                                                                                                                                                                                          SHA1:F8E8FC6C22FDE9DF1D60C329E38B38A85F96BB69
                                                                                                                                                                                                                          SHA-256:4EA84C4465EEA20B46E6DED30F711F1E0D61E15574D861B0210819ABD5E895E5
                                                                                                                                                                                                                          SHA-512:2C335672979114BD68FF6F1B1B94235FBF072FE8642CAD1F7D61855B92741F0633FA0CCB77CD520BE560DB2D3AC75F9BE08E22806487BF5D3045781E3903AD45
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........r4u.11.2.214.9-electron.0................................................C..`...l...............`....`....`T...`b...`....`..........Y.D......`$.........D......`$.......D......`$.......m.D......`$.........D......`D.........D......`$.......1.D......`$.......D......`$.......D......`$.........D......`$.......D......`$......ID......`$.......D......`$.......D......`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vk_swiftshader.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4691456
                                                                                                                                                                                                                          Entropy (8bit):6.674054781171017
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:98304:x2GmsucG1vUTM3SFhCrHglx7LQDCwchuW6ugI:cuuF4XhCGLQDCaI
                                                                                                                                                                                                                          MD5:65A5705D95A0820740B3396851FF1751
                                                                                                                                                                                                                          SHA1:A692A80BAFC41BA1B29EF19890F8465B3FB20DCB
                                                                                                                                                                                                                          SHA-256:4C4B935CBB320033F504A89B1EB0A4BCB176BBD46A5981153CB1F54DEB146A1C
                                                                                                                                                                                                                          SHA-512:0C5DF23B96EAF952C4A498FF6D854DF2B62E7631B16C2855ED37DDBADFFBA3DD52E7450F2E06CF094BEC2E0D70D14C87A652150766D90EC8662E03123DF5942D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!.....N9..D.......4.......................................H...........@A.........................C.~...f.C.P....pF.......................F..6...:C.....................0:C......`9..............C..............................text....L9......N9................. ..`.rdata......`9......R9.............@..@.data...8T....C..z....C.............@....00cfg.......PF......TE.............@..@.tls....1....`F......VE.............@....rsrc........pF......XE.............@..@.reloc...6....F..8...^E.............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vk_swiftshader_icd.json

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):106
                                                                                                                                                                                                                          Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                          MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                          SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                          SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                          SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vulkan-1.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):804864
                                                                                                                                                                                                                          Entropy (8bit):6.7728821881501
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24576:cJObHhG7TEnCGlrpZpjL4TB46Z5WODYsHh6g3P0zAk722:c0c7TECgpZpju46Z5WODYsHh6g3P0zA+
                                                                                                                                                                                                                          MD5:A947C5D8FEC95A0F24B4143CED301209
                                                                                                                                                                                                                          SHA1:EBF3089985377A58B8431A14E22A814857287AAF
                                                                                                                                                                                                                          SHA-256:29CB256921A1B0F222C82650469D534CCDF038D1F395B3AAA9F1086918F5D3FA
                                                                                                                                                                                                                          SHA-512:75F5E055F4422B5558FC1CB3EA84FB7CBEAAE6F71C786CC06C295D4AB51C0B1C84E28A7C89FE544F007DBE8E612BED4059139F1575934FE4BAC8E538C674EBD3
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!.....H...........8....................................................@A........................._..<!..L...P.... .......................0.......=.......................<.......`..............x................................text....F.......H.................. ..`.rdata..<U...`...V...L..............@..@.data...`5..........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\LICENSE.electron.txt

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1096
                                                                                                                                                                                                                          Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                          MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                          SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                          SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                          SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\LICENSES.chromium.html

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:HTML document, ASCII text
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):8312662
                                                                                                                                                                                                                          Entropy (8bit):4.705814170451806
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
                                                                                                                                                                                                                          MD5:312446EDF757F7E92AAD311F625CEF2A
                                                                                                                                                                                                                          SHA1:91102D30D5ABCFA7B6EC732E3682FB9C77279BA3
                                                                                                                                                                                                                          SHA-256:C2656201AC86438D062673771E33E44D6D5E97670C3160E0DE1CB0BD5FBBAE9B
                                                                                                                                                                                                                          SHA-512:DCE01F2448A49A0E6F08BBDE6570F76A87DCC81179BB51D5E2642AD033EE81AE3996800363826A65485AB79085572BBACE51409AE7102ED1A12DF65018676333
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\SerenityTherapyInstaller.exe

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):138321408
                                                                                                                                                                                                                          Entropy (8bit):6.983404833838794
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1572864:m4sMLl/BkZTVV2iplzf+ekzrMdTOG0AfhgojwlwVgmPQtn06H9rejAEdCoIZXCVb:/l/BkVVPBDgmPKa5Wnu3X7
                                                                                                                                                                                                                          MD5:D05989CE9BE7EA67632845FA837299C9
                                                                                                                                                                                                                          SHA1:359843B36A73C0D1D513B8684A2F83AF34CE96A2
                                                                                                                                                                                                                          SHA-256:DF4030369CA29744F74BC4932A4FFD0537D41796C9D913623DE0D6214EC39D91
                                                                                                                                                                                                                          SHA-512:BEF82D9FB46849489FB87E8C5DBDE7A86DDDF2A1DCE39E752A30992258C7E01C990384D918BE99B4F51B285E77CA6ADC820948CAB6BBD12140B4F806578C5817
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."......"...h.......L|...........@.......................... w...........@.............................$.......h.....5.......................7..?..........................+......XO..............d...8...D........................text...B!.......".................. ..`.rdata..DWK..@...XK..&..............@..@.data.....=..........~..............@....00cfg........5......j..............@..@.rodata.`.....5......l.............. ..`.tls..........5......v..............@...CPADinfo(.....5......x..............@...malloc_hL.....5......z.............. ..`.rsrc.........5.....................@..@.reloc...?...7...?.................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\chrome_100_percent.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):127125
                                                                                                                                                                                                                          Entropy (8bit):7.915612661029362
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:vlKzwqCT4wDNzIwL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:vlKzwt4uEgK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                                                                          MD5:ACD0FA0A90B43CD1C87A55A991B4FAC3
                                                                                                                                                                                                                          SHA1:17B84E8D24DA12501105B87452F86BFA5F9B1B3C
                                                                                                                                                                                                                          SHA-256:CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
                                                                                                                                                                                                                          SHA-512:3E4C4F31C6C7950D5B886F6A8768077331A8F880D70B905CF7F35F74BE204C63200FF4A88FA236ABCCC72EC0FC102C14F50DD277A30F814F35ADFE5A7AE3B774
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..............t...#.....:.I...J~p...K~6...L~....M~#...N~....O~`...P~m...Q~....R~....S~I...T~....U~'"..V~.,..^~.7.._~;9..b~v:..c~(<..j~.<..k~.B..l~fH..m~.J..n~.K..o~.L.....M.....N....aP....IS....BV....uY.....]....Pa.....d....h....i...hk....l....m...An....n.....................................K.....x...........4.....m.....D.............................1........................'.....*.....4.....>.....C.....D....hM.....U.....V....>X.....Z....E].....]....a...%c....d....f....h....i....k....l....o...wq....t...7v....y....}....~...m................................3.................g.....6............................k.....-...........3.....9......................H.......................Y.................{.....s....M..............F...................&....y..............\....p....Z.........Z.........g...........................T..................6...............M.................r...........1.................X.................u.......

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\chrome_200_percent.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):177406
                                                                                                                                                                                                                          Entropy (8bit):7.939611912805236
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:4DQYaEQN6AJPKNzIwafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/rIM0:4DQYaNN68QEVgx5GMRejnbdZnVE6YopY
                                                                                                                                                                                                                          MD5:4610337E3332B7E65B73A6EA738B47DF
                                                                                                                                                                                                                          SHA1:8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B
                                                                                                                                                                                                                          SHA-256:C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
                                                                                                                                                                                                                          SHA-512:039B50284D28DCD447E0A486A099FA99914D29B543093CCCDA77BBEFDD61F7B7F05BB84B2708AE128C5F2D0C0AB19046D08796D1B5A1CFF395A0689AB25CCB51
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..............t...#.....:.t...J~....K~....L~....M~....N~....O~....P~.%..Q~.*..R~.-..S~c5..T~.9..U~.A..V~.V..^~Ck.._~.m..b~)o..c~yr..j~#s..k~.}..l~....m~...n~...o~......................................K.....!..................Q..............*........................a.......................,%....H0.....2....E:....(A.....F.....L.....R.....T....QY....:].....f.....i....br....Sv..........C...........).................].....}................................................................................................. ....!....%.....*.....,..........O/...../....y1.....2....l4.....6.....7....A:.....?.....C.....K.....S.....Y....._.....e....Ok.....l.....m.....n.....o.....q.....r.....s.....u....:w..............P............................%.............7................,........G........u.............B........S.........a....%........;.....................l...........T..........R...........6..........).............

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\d3dcompiler_47.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4127200
                                                                                                                                                                                                                          Entropy (8bit):6.577665867424953
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:OS7PQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeAD36FqxLfeIgSNwLTzHiU2Ir:O4PhqqFVUsLQl6FqVCLTzHxJIMd
                                                                                                                                                                                                                          MD5:3B4647BCB9FEB591C2C05D1A606ED988
                                                                                                                                                                                                                          SHA1:B42C59F96FB069FD49009DFD94550A7764E6C97C
                                                                                                                                                                                                                          SHA-256:35773C397036B368C1E75D4E0D62C36D98139EBE74E42C1FF7BE71C6B5A19FD7
                                                                                                                                                                                                                          SHA-512:00CD443B36F53985212AC43B44F56C18BF70E25119BBF9C59D05E2358FF45254B957F1EC63FC70FB57B1726FD8F76CCFAD8103C67454B817A4F183F9122E3F50
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!7P.OdP.OdP.Od..NeR.OdP.Nd..OdY..dU.Od.Jem.Od.KeQ.Od...dQ.Od..Leo.Od..Je..Od..OeQ.Od..Ge..Od..Kec.Od...dQ.Od..MeQ.OdRichP.Od................PE..L..................!.....2<..*...............P<...............................?.......?...@A.........................<<.u.....=.P.....=.@.............>..%....=.........T....................u..........@.............=..............................text...e0<......2<................. ..`.data...`"...P<......6<.............@....idata........=.......<.............@..@.rsrc...@.....=.......<.............@..@.reloc........=.......<.............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\ffmpeg.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):2577408
                                                                                                                                                                                                                          Entropy (8bit):6.874677747990032
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:YKM7YWN1tYNFKtJPP5f+8xH6UahvIxi9xrBYHZU7ewdCUQFdqQi9muA:YKM7YWNT2Kt9QoaUalEi9xqZ29dA
                                                                                                                                                                                                                          MD5:1BB0E1140EF08440AD47D80B70DBF742
                                                                                                                                                                                                                          SHA1:C2E4243BAD76B465B5AB39865AC023DB1632D6B0
                                                                                                                                                                                                                          SHA-256:C0D9EDDE3864D9450744F4BC526A98608B629AEED01C6647F600802E1B1CF671
                                                                                                                                                                                                                          SHA-512:29D71E3BD7DF7014A03E26CA6EE5B59FF6E3D06096742FAE5DEC6282ABD1F0D2F24C886A503E3A691D38CC68E0DA504A7F657DCEC4758B640A1A523D3EEAA57A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!................p........................................@=...........@A.........................+&......1&.(............................`<.(...l.%.......................%.....@...............l3&..............................text...7........................... ..`.rdata..T...........................@..@.data........p&......X&.............@....00cfg.......@<......t&.............@..@.tls.........P<......v&.............@....reloc..(....`<......x&.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\icudtl.dat

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):10542048
                                                                                                                                                                                                                          Entropy (8bit):6.277141340322909
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:98304:OKPBQYOo+ddlymOk25flQCUliXUxiG9Ha93Whla6ZGdnp/8k:OKPBhORjOhCliXUxiG9Ha93Whla6ZGrn
                                                                                                                                                                                                                          MD5:D89CE8C00659D8E5D408C696EE087CE3
                                                                                                                                                                                                                          SHA1:49FC8109960BE3BB32C06C3D1256CB66DDED19A8
                                                                                                                                                                                                                          SHA-256:9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
                                                                                                                                                                                                                          SHA-512:DB097CE3EB9E132D0444DF79B167A7DCB2DF31EFFBBD3DF72DA3D24AE2230CC5213C6DF5E575985A9918FBD0A6576E335B6EBC12B6258BC93FA205399DE64C37
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .Q....B.......B...#...B.. $...B..p$...B...$...B...%...B..`P...C...P...C...Q..(C......<C.....OC......bC..@...uC.......C..P....C.......C.......C..p....C.. ....C.......C.......D..p... D.....3D..0...FD.....YD.....lD.......D......D..0....D.......D..p....D......D..@....D.......E......E..@...*E.....=E..P...NE......bE.....rE..@....E.......E.......E..P....E.......E......E..@....F.......F.....'F..0...7F..P...JF......aF......qF...G...F.. H...F..`K...F...K...F...L...F...-...F...c...G....'.'G....'.>G..@.'.UG..0.'.oG....'..G...!'..G...!'..G..P&'..G...)'..G..@*'..H..`.(..H...e).7H..0.).VH...)*.xH....*..H....*..H...P+..H...Y+..H...Z+..I...]+. I..`^+.9I.. .+.UI....+.lI....+..I..P.-..I...=...I.......I.......I.. ....J..p....J......-J..p...EJ......ZJ......rJ..`....J..@....J.......J.......J..0....J.......J.......J..0....K..@....K..../.2K...,/.GK..../.\K..

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\libEGL.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):380416
                                                                                                                                                                                                                          Entropy (8bit):6.587105864412105
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:6FVfk760MmXXwvT3WpVgvpqwm9SPECshBZeD6EHh:267rjnpVgvpqwm93rIW
                                                                                                                                                                                                                          MD5:E0A5D1A5D55DFFB55513ACB736CEF1C1
                                                                                                                                                                                                                          SHA1:307FC023790AF5BF3D45678DE985E8E9F34896F7
                                                                                                                                                                                                                          SHA-256:AA5DA4005C76CFE5195B69282B2AD249D7DC2300BBC979592BD67315FC30C669
                                                                                                                                                                                                                          SHA-512:094E23869FD42C60F83E0F4D1A2CD1A29D2EFD805AC02A01CE9700B8E7B0E39E52FE86503264A0298C85F0D02B38620F1E773F2EA981F3049AEBA3104B04253F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!.....h...b...............................................@............@A........................0;......FI..(.......x.......................P@..@........................-.......................J..`............................text....f.......h.................. ..`.rdata...............l..............@..@.data...d3...........f..............@....00cfg..............................@..@.tls................................@....rsrc...x...........................@..@.reloc..P@.......B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\libGLESv2.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):6685696
                                                                                                                                                                                                                          Entropy (8bit):6.815311523896318
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:98304:ZHYQkvdLN+UNQR14/hr5njmwSNDBVO0Bz7arD+0t1t0zA5Lgs2+A1tCw:itvwq/hr5jmwSVBJBz7arQA+sq1tC
                                                                                                                                                                                                                          MD5:44F7C21B6010048E0DCDC43D83EBD357
                                                                                                                                                                                                                          SHA1:D0A4DFD8DBAE1A8421C3043315D78ECD84502B16
                                                                                                                                                                                                                          SHA-256:F6259A9B9C284EE5916447DD9D0BA051C2908C9D3662D42D8BBE6CE6D65A37DE
                                                                                                                                                                                                                          SHA-512:7E03538DD8E798D0E808A8FC6E149E83DE9F8404E839900F6C9535DA6AAC8EF4D5C31044E547DDE34DCECE1255FAB9A9255FA069A99FCB08E49785D812B3887C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!......M.........`<C.......................................f...........@A..........................^.....r._.d.....b.......................b.t...,0^....................../^.....P.N..............._.8....^.@....................text...J.M.......M................. ..`.rdata..<.....N.......M.............@..@.data...<....._..(...._.............@....00cfg.......pb.......a.............@..@.tls..........b.......a.............@....rsrc.........b.......a.............@..@.reloc..t.....b.......a.............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\af.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):377708
                                                                                                                                                                                                                          Entropy (8bit):5.4079285675542845
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd
                                                                                                                                                                                                                          MD5:7E51349EDC7E6AED122BFA00970FAB80
                                                                                                                                                                                                                          SHA1:EB6DF68501ECCE2090E1AF5837B5F15AC3A775EB
                                                                                                                                                                                                                          SHA-256:F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
                                                                                                                                                                                                                          SHA-512:69DA19053EB95EEF7AB2A2D3F52CA765777BDF976E5862E8CEBBAA1D1CE84A7743F50695A3E82A296B2F610475ABB256844B6B9EB7A23A60B4A9FC4EAE40346D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........E...h.....i.....j.....k.....l.....n."...o.'...p.4...r.:...s.K...t.T...v.i...w.v...y.|...z.....|.....}.....................................................................................-.....>.....E.....N.....g.....p.....{...................................................../.....?.....K.....X.....y...........................................................<.....R.....W.....].....l.....y.....}.....................................................+.....9.....A.....I.....P.....U.....c.....s...............................................%.....J.....d.....m.....y...........................................................+.....2.....5.....6.....B.....L.....V.....].....g.............................O.....^.....k.................................................................".....5.....Q.....z....................................... .....".....%.....(.$...*.D...+.G...,.e........./.....0.....1.....3.....4.....5.....6.D...7.U...8.j...9.y...<.....=.....>.....?.....@.....A.....C.$...D.+.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\am.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):613642
                                                                                                                                                                                                                          Entropy (8bit):4.894733266944232
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:b3pIuPzq8xSTwO8sgjZz5E9VJAVtnuviQix30jH8+I:b3plq8xLO8zjZz5E9VJAVtSiQO
                                                                                                                                                                                                                          MD5:2009647C3E7AED2C4C6577EE4C546E19
                                                                                                                                                                                                                          SHA1:E2BBACF95EC3695DAAE34835A8095F19A782CBCF
                                                                                                                                                                                                                          SHA-256:6D61E5189438F3728F082AD6F694060D7EE8E571DF71240DFD5B77045A62954E
                                                                                                                                                                                                                          SHA-512:996474D73191F2D550C516ED7526C9E2828E2853FCFBE87CA69D8B1242EB0DEDF04030BBCA3E93236BBD967D39DE7F9477C73753AF263816FAF7D4371F363BA3
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........W...h.....i.....j.'...k.6...l.A...n.I...o.N...p.[...r.a...s.r...t.{...v.....w.....y.....z.....|.....}.........................................................................7.....S.....i.........................................L.....k.....m.....q...................................1.....A.....`.............................".....4.....=.....\.....~...................................5.....Q.....W.....Z.....i.............................K.....z.....................................................8.....G.....`.............................".........................................>.....A.....s.............................@.....G.....J.....K.....W.....`.....|.......................<............................./.....g.....w...............................................3.......................E.....j.....p.....x..................... .....".....%.6...(.c...*.....+.....,.........../.....0.....1.]...3.y...4.....5.....6.K...7.s...8.....9.....;.....<.....=.....>.?...?.I...@.i...A.....C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\ar.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):671738
                                                                                                                                                                                                                          Entropy (8bit):4.903433286644294
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:gjptqBycpX8vYULIrmhkH+P5NNb++YTzgpPMgSENeX:BB2um5S++
                                                                                                                                                                                                                          MD5:47A6D10B4112509852D4794229C0A03B
                                                                                                                                                                                                                          SHA1:2FB49A0B07FBDF8D4CE51A7B5A7F711F47A34951
                                                                                                                                                                                                                          SHA-256:857FE3AB766B60A8D82B7B6043137E3A7D9F5CFB8DDD942316452838C67D0495
                                                                                                                                                                                                                          SHA-512:5F5B280261195B8894EFAE9DF2BECE41C6C6A72199D65BA633C30D50A579F95FA04916A30DB77831F517B22449196D364D6F70D10D6C5B435814184B3BCF1667
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........*...h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.!...v.6...w.C...y.I...z.X...|.^...}.p.....x.....}.................................................................'.....^.....n...................................'.....*...........V.....x.........................................G.....].....p...............................................o...................................................../.....Q.....s.......................(....._.....i.....q.....x.............................#.....:.....m.......................).....Z.....k.........................................$.....?.....U.....k...........................................................p.................7.....L.....h.......................!.....1.....9.....E.....g.......................&.....Z............................................. .'...".D...%.x...(.....*.....+.....,.6.....M.../.~...0.....1.....3.....4.....5.,...6.....7.....8.....9.....;.....<.:...=.P...>.....?.....@.....A.....C.....D.....E.!...F._.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\bg.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):701716
                                                                                                                                                                                                                          Entropy (8bit):4.66095894344634
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:7Od6KqVw2iILlY+dAs1aQUfjoaVV4FH2mFxvx35uKN3CuKb7szmV2Jfu64K+z5jG:KsKqJi6lY+dAs1aQU7yZx35uK4XQzQI9
                                                                                                                                                                                                                          MD5:A19269683A6347E07C55325B9ECC03A4
                                                                                                                                                                                                                          SHA1:D42989DAF1C11FCFFF0978A4FB18F55EC71630EC
                                                                                                                                                                                                                          SHA-256:AD65351A240205E881EF5C4CF30AD1BC6B6E04414343583597086B62D48D8A24
                                                                                                                                                                                                                          SHA-512:1660E487DF3F3F4EC1CEA81C73DCA0AB86AAF121252FBD54C7AC091A43D60E1AFD08535B082EFD7387C12616672E78AA52DDDFCA01F833ABEF244284482F2C76
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........P...h.....i.....j.....k.%...l.0...n.8...o.=...p.J...r.P...s.a...t.j...v.....w.....y.....z.....|.....}.........................................................................F.....h...............................................[.........................................#.....Q.....x...................................[.........................................T...............................................'.....U......................./.....c...............................................>.....s.............................4.....^................. .....9.....V.....l...................................\...............................................&.....B.....S.....v...............................................O.....r...................................0.......................9.....z.......................-.....[............... .....".....%.....(.E...*.q...+.t...,.........../.....0.....1.....3.....4.....5.....6.....7.....8.....9.....;.3...<.G...=._...>.....?.....@.....A.....C.F.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\bn.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):904943
                                                                                                                                                                                                                          Entropy (8bit):4.273773274227575
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:wqf22AwWk+ADszaaH0PaMadiMNKVbVtQW01jilDouMGsW2uMBVr+9RU4yVS5PMxq:1zW/AMfafVoCp8YbkJBbdJ2DB5y0XlRB
                                                                                                                                                                                                                          MD5:5CDD07FA357C846771058C2DB67EB13B
                                                                                                                                                                                                                          SHA1:DEB87FC5C13DA03BE86F67526C44F144CC65F6F6
                                                                                                                                                                                                                          SHA-256:01C830B0007B8CE6ACA46E26D812947C3DF818927B826F7D8C5FFD0008A32384
                                                                                                                                                                                                                          SHA-512:2AC29A3AA3278BD9A8FE1BA28E87941F719B14FBF8B52E0B7DC9D66603C9C147B9496BF7BE4D9E3AA0231C024694EF102DCC094C80C42BE5D68D3894C488098C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........K...h.....i.....j.....k.$...l./...n.7...o.=...p.J...r.P...s.a...t.j...v.....w.....y.....z.....|.....}.............................................................................................................7.....a.......................".....$.....(.....P.......................+.....T.....p.......................H...................................M.....c...........5.....D....._.........................................A.....z.................B.......................................................................H.....a.....s.........................................B.....g.............................3.....W.....{...............................................>...........j...................................6.....R.........................................g...........9.....u...........V...................................8... .M...".....%.....(. ...*.\...,._........./.....0.....1.`...3.....4.....5.....6.....7.....8.E...9.d...;.....<.....=.....>."...?.5...@.j...A.....C.3...D.S.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\ca.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):426906
                                                                                                                                                                                                                          Entropy (8bit):5.400864409916039
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:+XnGrijIs3cSlFEYLCJBB43nbhjJSwmrwiwWzM1ldLbpuQ16BtryBBwIle3nei3X:iNV4ossMNu51hnW5CptA
                                                                                                                                                                                                                          MD5:D259469E94F2ADF54380195555154518
                                                                                                                                                                                                                          SHA1:D69060BBE8E765CA4DC1F7D7C04C3C53C44B8AB5
                                                                                                                                                                                                                          SHA-256:F98B7442BEFC285398A5DD6A96740CBA31D2F5AADADD4D5551A05712D693029B
                                                                                                                                                                                                                          SHA-512:D0BD0201ACF4F7DAA84E89AA484A3DEC7B6A942C3115486716593213BE548657AD702EF2BC1D3D95A4A56B0F6E7C33D5375F41D6A863E4CE528F2BD6A318240E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........N...h.....i.....j.....k.!...l.,...n.4...o.9...p.F...r.L...s.]...t.f...v.{...w.....y.....z.....|.....}...............................................................................6.....O.....o.....|.....................................................2.....J.....j.....q...........................................................1.....;.....M.....].......................................................................D.....i.................................................................+.....2.....?.....u.........................................".....5.....F.....b.....e.....}.............................................................................&.....h......................./.....P.....s.....................................................4.....P.....|...............................................:.....F... .Q...".g...%.....(.....*.....+.....,.........../.-...0.2...1.h...3.x...4.....5.....6.....7.....8.....9.(...;.6...<.D...=.R...>.l...?.v...@.....A.....C.....D.....E...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\cs.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):436202
                                                                                                                                                                                                                          Entropy (8bit):5.843819816549512
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:U4ftEfqE2jv7ShUjBA59wjd558YAGKND9Gto8QV:U41HE2jjShqywjd558YAbNDcI
                                                                                                                                                                                                                          MD5:04A680847C4A66AD9F0A88FB9FB1FC7B
                                                                                                                                                                                                                          SHA1:2AFCDF4234A9644FB128B70182F5A3DF1EE05BE1
                                                                                                                                                                                                                          SHA-256:1CC44C5FBE1C0525DF37C5B6267A677F79C9671F86EDA75B6FC13ABF5D5356EB
                                                                                                                                                                                                                          SHA-512:3A8A409A3C34149A977DEA8A4CB0E0822281AED2B0A75B02479C95109D7D51F6FB2C2772CCF1486CA4296A0AC2212094098F5CE6A1265FA6A7EB941C0CFEF83E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:......../...h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.(...v.=...w.J...y.P...z._...|.e...}.w.........................................................................................#.....,.....9.....V.....d.........................................!.....?.....L.....X.....d.....o.....................................................".....4.....E.....{.......................................................................8.....O.....d.....{.................................................................H.....Z.....h.....................................................9.....<.....J.....X.....h.....w.................................................................!.....p.......................".....>.....s.....................................................&.....N.....n.........................................+.....5... .=...".N...%.u...(.....*.....+.....,.........../.....0.....1.H...3.V...4.s...5.....6.....7.....8.....9.....<."...=.,...>.A...?.I...@.[...A.....C.....D...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\da.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):396104
                                                                                                                                                                                                                          Entropy (8bit):5.454826678090317
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:Q3rSn4RJ28687mlwlGXaJwZkqEb1Phv6VP5yarXGzOJixhd4/TWwS:eND/xqkqEO5nrFTq
                                                                                                                                                                                                                          MD5:1A53D374B9C37F795A462AAC7A3F118F
                                                                                                                                                                                                                          SHA1:154BE9CF05042ECED098A20FF52FA174798E1FEA
                                                                                                                                                                                                                          SHA-256:D0C38EB889EE27D81183A0535762D8EF314F0FDEB90CCCA9176A0CE9AB09B820
                                                                                                                                                                                                                          SHA-512:395279C9246BD30A0E45D775D9F9C36353BD11D9463282661C2ABD876BDB53BE9C9B617BB0C2186592CD154E9353EA39E3FEED6B21A07B6850AB8ECD57E1ED29
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........[...h.....i.)...j.5...k.D...l.O...n.W...o.\...p.i...r.o...s.....t.....v.....w.....y.....z.....|.....}.........................................................................?.....M.....].....q.....y...........................................................4.....K.....R.....].....m.....t...........................................................5.....F.....u.............................................................................9.....T.....m.....w.....z................................................................./.....E.....k.............................................................................+.....2.....5.....6.....=.....F.....L.....S.....^.............................X.....n.......................................................................F.....[................................................... .....".....%.,...(.T...*.....+.....,.........../.....0.....1.....3.....4.%...5.=...6.o...7.....8.....9.....;.....<.....=.....>.....?.....@.....A.%...C.B...D.L.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\de.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):424277
                                                                                                                                                                                                                          Entropy (8bit):5.503137231857292
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:TFigju3qg4wajEzUKnYm31SOmhqYl51gHNiOIkCJD:TFiecqg1aqHSOu599kCJD
                                                                                                                                                                                                                          MD5:8E6654B89ED4C1DC02E1E2D06764805A
                                                                                                                                                                                                                          SHA1:FF660BC85BB4A0FA3B2637050D2B2D1AECC37AD8
                                                                                                                                                                                                                          SHA-256:61CBCE9A31858DDF70CC9B0C05FB09CE7032BFB8368A77533521722465C57475
                                                                                                                                                                                                                          SHA-512:5AC71EDA16F07F3F2B939891EDA2969C443440350FD88AB3A9B3180B8B1A3ECB11E79E752CF201F21B3DBFBA00BCC2E4F796F347E6137A165C081E86D970EE61
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:............h.V...i.g...j.s...k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|.....}.............#.....+.....3.....;.....B.....I.....P.....Q.....R.....T...........................................................$.....:.....<.....@.....h.....}.....................................................-.....Q.....d.....j.....s...............................................4.....K.....O.....R.....[.....t...................................D.....Q.....[.....c.....j.....p.....}...............................................0.....d.................................................................6.....O.....i.....p.....s.....t.....~...................................=...................................6.....?.....Q.....[.....h.....m.....r...................................(.....Y.....u.....{........................... .....".....%.....(.....*./...+.2...,.P.....a.../.w...0.....1.....3.....4.....5.....6.A...7.U...8.i...9.w...;.....<.....=.....>.....?.....@.....A.....C.....D.%.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\el.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):769050
                                                                                                                                                                                                                          Entropy (8bit):4.75072843480339
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:H/58dBquNw2202pgtZSWjZ4LIbsJvaP5A3HKQiEQBR07391qf2utKMaBlS9WffFR:H8BquNw2202pgtsWjyLrJvaRA3HtiEQG
                                                                                                                                                                                                                          MD5:9528D21E8A3F5BAD7CA273999012EBE8
                                                                                                                                                                                                                          SHA1:58CD673CE472F3F2F961CF8B69B0C8B8C01D457C
                                                                                                                                                                                                                          SHA-256:E79C1E7A47250D88581E8E3BAF78DCAF31FE660B74A1E015BE0F4BAFDFD63E12
                                                                                                                                                                                                                          SHA-512:165822C49CE0BDB82F3C3221E6725DAC70F53CFDAD722407A508FA29605BC669FB5E5070F825F02D830E0487B28925644438305372A366A3D60B55DA039633D7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........M...h.....i.....j.....k.....l.(...n.0...o.5...p.B...r.H...s.Y...t.b...v.w...w.....y.....z.....|.....}.........................................................................P.....w.............................B.....N.....Z...................................+.....x...................................h.....y.............................&.....C.....a.................,.....4.....H.....o...................................!.....M.................8...............................................1....._.....w.................!.....2.....q.................J.....a.........................................,.....O.....|.........................................!.....3.....F.....^.......................,.................<.............................(.....;.....I.......................M.................T.................................../... .B...".e...%.....(.....*.7...+.:...,.X........./.....0.....1.m...3.....4.....5.#...6.....7.....8.....9. ...;.a...<.w...=.....>.....?.....@.....A.B...C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\en-GB.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):344606
                                                                                                                                                                                                                          Entropy (8bit):5.5169703217013675
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:80kjE55JcUnMP9egFXwqfaYnT9Xa5alSeBNdg:80kQJZnM1XwWT05YScg
                                                                                                                                                                                                                          MD5:D59E613E8F17BDAFD00E0E31E1520D1F
                                                                                                                                                                                                                          SHA1:529017D57C4EFED1D768AB52E5A2BC929FDFB97C
                                                                                                                                                                                                                          SHA-256:90E585F101CF0BB77091A9A9A28812694CEE708421CE4908302BBD1BC24AC6FD
                                                                                                                                                                                                                          SHA-512:29FF3D42E5D0229F3F17BC0ED6576C147D5C61CE2BD9A2E658A222B75D993230DE3CE35CA6B06F5AFA9EA44CFC67817A30A87F4FAF8DC3A5C883B6EE30F87210
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..........h.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.(...v.=...w.J...y.P...z._...|.e...}.w...........................................................................................................3.....;.....E.....c.....t.....v.....z...........................................................+.....:.....T.....g.....k.....q...................................................................................,.....:.....S.....h.....{.......................................................................+.....5.....A.....X.....h.................................................................(.....=.....R.....f.....m.....p.....q.....x..................................................... .....P.....].....h.......................................................................-.....D.....l....................................... .....".....%.....(.....*.....+.....,./.....@.../.N...0.W...1.....3.....4.....5.....6.....7.....8.....9.(...;.9...<.A...=.L...>.a...?.i...@.x...A...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\en-US.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):347111
                                                                                                                                                                                                                          Entropy (8bit):5.508989875739037
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:xiLqIY2MuZYLMMP9ecGmM8faYdY4K55TiSbn8vMwS:xiLqIp34MM+mM0Y55eSKMwS
                                                                                                                                                                                                                          MD5:5E3813E616A101E4A169B05F40879A62
                                                                                                                                                                                                                          SHA1:615E4D94F69625DDA81DFAEC7F14E9EE320A2884
                                                                                                                                                                                                                          SHA-256:4D207C5C202C19C4DACA3FDDB2AE4F747F943A8FAF86A947EEF580E2F2AEE687
                                                                                                                                                                                                                          SHA-512:764A271A9CFB674CCE41EE7AED0AD75F640CE869EFD3C865D1B2D046C9638F4E8D9863A386EBA098F5DCEDD20EA98BAD8BCA158B68EB4BDD606D683F31227594
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..........:.h.....i.....j.*...k.9...l.D...n.L...o.Q...p.^...r.d...s.u...t.~...v.....w.....y.....z.....|.....}.........................................................................6.....C.....R.....b.....i.....r.................................................................#...........>.....E.....Q.....l.....~.................................................................2.....:.....F.....S.....W.....Z.....`.....p...................................................................................:.....A.....P...........................................................'.....5.....H.....K.....\.....l.....|...................................................................................E.....m.....t.......................................................................0.....I.....m......................................................... .....".....%.3...(.J...*.c...+.f...,.........../.....0.....1.....3.....4.....5.....6.J...7.Z...8.o...9.|...;.....<.....=.....>.....?.....@.....A...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\es-419.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):421147
                                                                                                                                                                                                                          Entropy (8bit):5.3798866108688905
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:34e5fql0vt1s9zjzVMY/6+yN9d8piKkGp2Ioiw/QbuOXV5blUB0GLF96RRIHKxgY:34e5Sktm92Yfhpjq+5wLF96oSdc4
                                                                                                                                                                                                                          MD5:7F6696CC1E71F84D9EC24E9DC7BD6345
                                                                                                                                                                                                                          SHA1:36C1C44404EE48FC742B79173F2C7699E1E0301F
                                                                                                                                                                                                                          SHA-256:D1F17508F3A0106848C48A240D49A943130B14BD0FEB5ED7AE89605C7B7017D1
                                                                                                                                                                                                                          SHA-512:B226F94F00978F87B7915004A13CDBD23DE2401A8AFAA2517498538967DF89B735F8ECC46870C92E3022CAC795218A60AD2B8FFF1EFAD9FEEA4EC193704A568A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........b...h.&...i./...j.;...k.J...l.U...n.]...o.b...p.o...r.u...s.....t.....v.....w.....y.....z.....|.....}.........................................................................B.....T.....c.....x.................................................................I.....c.....k.....y............................................... .....%.....-.....?.....c.....t...........................................................2.....M.....d...............................................#.....6.....E.....W.....o.....w.........................................B.....N.....a.....m...........................................................$.....'.....(.....1.....:.....C.....J.....[.................2.....:.........................................+.....6.....?.....D.....]...................................@.....Y....._.....g.....u............... .....".....%.....(.....*.....+.....,.<.....b.../.....0.....1.....3.....4.....5.....6.[...7.m...8.....9.....;.....<.....=.....>.....?.....@.....A.1...C.X...D.b.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\es.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):421332
                                                                                                                                                                                                                          Entropy (8bit):5.349883254359391
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:fILAyMcQXU0+/3IgsC5pN+v6Idj3J5Orj7FQoz7L66PZqS:ALAyNQCsupUv6gj3J5OrmoznGS
                                                                                                                                                                                                                          MD5:A36992D320A88002697DA97CD6A4F251
                                                                                                                                                                                                                          SHA1:C1F88F391A40CCF2B8A7B5689320C63D6D42935F
                                                                                                                                                                                                                          SHA-256:C5566B661675B613D69A507CBF98768BC6305B80E6893DC59651A4BE4263F39D
                                                                                                                                                                                                                          SHA-512:9719709229A4E8F63247B3EFE004ECFEB5127F5A885234A5F78EE2B368F9E6C44EB68A071E26086E02AA0E61798B7E7B9311D35725D3409FFC0E740F3AA3B9B5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........Z...h.....i.....j.*...k.9...l.D...n.L...o.Q...p.^...r.d...s.u...t.~...v.....w.....y.....z.....|.....}.........................................................................:.....M.....].....r...........................................................(.....G.....a.....i.....w.....................................................!.....).....;.....N....._.................................................................3.....S.....}............................................... .....-.....>.....V.....^.....o...................................5.....@.....J.....V.....h.............................................................................'.....0.....7.....H.................3.....;.........................................+.....6.....B.....G....._.........................................G.....M.....U.....c............... .....".....%.....(.....*.....+.....,.).....C.../.]...0.d...1.....3.....4.....5.....6.6...7.G...8.\...9.n...;.....<.....=.....>.....?.....@.....A.....C.1...D.;.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\et.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):380687
                                                                                                                                                                                                                          Entropy (8bit):5.464870724176939
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:2Mg++J/xRN0JLnrC4HFJbT/RauiQ/G5LjR43f7LQkPQW:2MmJnq7DG5LjQ
                                                                                                                                                                                                                          MD5:A94E1775F91EA8622F82AE5AB5BA6765
                                                                                                                                                                                                                          SHA1:FF17ACCDD83AC7FCC630E9141E9114DA7DE16FDB
                                                                                                                                                                                                                          SHA-256:1606B94AEF97047863481928624214B7E0EC2F1E34EC48A117965B928E009163
                                                                                                                                                                                                                          SHA-512:A2575D2BD50494310E8EF9C77D6C1749420DFBE17A91D724984DF025C47601976AF7D971ECAE988C99723D53F240E1A6B3B7650A17F3B845E3DAEEFAAF9FE9B9
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........m...h.<...i.M...j.Y...k.h...l.s...n.{...o.....p.....r.....s.....t.....v.....w.....y.....z.....|.....}...............................!.....(...../.....6.....7.....8.....:.....l.....|...............................................,.....B.....D.....H.....p.................................................................5.....B.....H.....P.....^.....m.....v.......................................................................-.....F.....Z.....o.......................................................................0.....=.....W.....e.................................................................-.....B.....V.....m.....t.....w.....x...............................................U.....[...............................................$.....).....,.....<.....b.....x.........................................$.....6.....O.....Z... .d...".w...%.....(.....*.....+.....,....... .../.8...0.E...1.n...3.y...4.....5.....6.....7.....8.....9.+...;.>...<.K...=.T...>.g...?.o...@.~...A.....C.....D...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\fa.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):622184
                                                                                                                                                                                                                          Entropy (8bit):5.029655615738747
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:Kxw5iX9nuyaXTfwHxwNUWGOGfStQEvy1zeItDmNtua/1wMTAKzIxRAQiHedNu36/:Kxw5YuyaXTfwRwNUWGOGfStQEvy1zeIR
                                                                                                                                                                                                                          MD5:9D273AF70EAFD1B5D41F157DBFB94FDC
                                                                                                                                                                                                                          SHA1:DA98BDE34B59976D4514FF518BD977A713EA4F2E
                                                                                                                                                                                                                          SHA-256:319D1E20150D4E3F496309BA82FCE850E91378EE4B0C7119A003A510B14F878B
                                                                                                                                                                                                                          SHA-512:0A892071BEA92CC7F1A914654BC4F9DA6B9C08E3CB29BB41E9094F6120DDC7A08A257C0D2B475C98E7CDCF604830E582CF2A538CC184056207F196FFC43F29AD
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:............h.z...i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|."...}.4.....<.....A.....I.....Q.....Y.....`.....g.....n.....p.....u.............................,.....5.....].....k.....u...................................A.....p.....v...................................E.....`.........................................T.....y.....................................................8.....W.......................+.....F.....N.....V.....].....g.....x.............................+.....B....._.............................3.....B.....\.....r.........................................-.....J.....Q.....T.....e.....v.....................................................s............................./.....7.....J.....V.....b.......................$.....J.....w...................................G.....Z... .m...".....%.....(.....*.(...+.+...,.I.....m.../.....0.....1.....3.....4.+...5._...6.....7.....8.....9.G...;.W...<.i...=.}...>.....?.....@.....A.....C.V...D.}...E...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\fi.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):389118
                                                                                                                                                                                                                          Entropy (8bit):5.427253181023048
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:nEbM+RtZ9eC6cMkohGZxGseSFOE/xaWEkLl5W5ucHiEi18OWUcrOShPGNgX1wL2:V+/upPgZxaS5W5xHiEi18OWUsU2
                                                                                                                                                                                                                          MD5:D4B776267EFEBDCB279162C213F3DB22
                                                                                                                                                                                                                          SHA1:7236108AF9E293C8341C17539AA3F0751000860A
                                                                                                                                                                                                                          SHA-256:297E3647EAF9B3B95CF833D88239919E371E74CC345A2E48A5033EBE477CD54E
                                                                                                                                                                                                                          SHA-512:1DC7D966D12E0104AACB300FD4E94A88587A347DB35AD2327A046EF833FB354FD9CBE31720B6476DB6C01CFCB90B4B98CE3CD995E816210B1438A13006624E8F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:............h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.(...|.....}.@.....H.....M.....U.....].....e.....l.....s.....z.....{.....|...........................................................$....._.....x.....z.....~.....................................................7.....E.....R.....f.....v.....|...........................................................".....,.....2.....Q.....j.................................................................&.....3.....H.....N.....V...............................................!.....-.....>.....O.....R.....`.....r.............................................................................9.............................,.....?.....h.....w...........................................................5.....X............................................. .....".....%.....(.3...*.S...+.V...,.t........./.....0.....1.....3.....4.....5.6...6.p...7.....8.....9.....;.....<.....=.....>.....?.#...@.B...A.z...C.....D.....E...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\fil.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):438088
                                                                                                                                                                                                                          Entropy (8bit):5.195613019166525
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:2zHaVyEDQV5aZrU+5xeuhGjZ3ZmA58Pm+7JATvy8:2zNMdU4XA5Imb
                                                                                                                                                                                                                          MD5:3165351C55E3408EAA7B661FA9DC8924
                                                                                                                                                                                                                          SHA1:181BEE2A96D2F43D740B865F7E39A1BA06E2CA2B
                                                                                                                                                                                                                          SHA-256:2630A9D5912C8EF023154C6A6FB5C56FAF610E1E960AF66ABEF533AF19B90CAA
                                                                                                                                                                                                                          SHA-512:3B1944EA3CFCBE98D4CE390EA3A8FF1F6730EB8054E282869308EFE91A9DDCD118290568C1FC83BD80E8951C4E70A451E984C27B400F2BDE8053EA25B9620655
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..........].h.....i.....j.....k.....l.....n.....o.....p.&...r.,...s.=...t.F...v.[...w.h...y.n...z.}...|.....}...........................................................................................5.....<.....E.....d.....l.....y...................................................../.....E.....O.....^.....................................................".....8.......................................................................%.....J.....d.....~.................................................................+.....h.....q.....}...................................&.....4.....I.....o.....r................................................................. .....*.....5.....>.....O.................(.....0.................................................................,.....R.....l.............................6.....=.....H.....Y............... .....".....%.....(.....*.....+.....,.*.....B.../.W...0.`...1.....3.....4.....5.....6.....7.3...8.O...9.d...;.}...<.....=.....>.....?.....@.....A...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\fr.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):454982
                                                                                                                                                                                                                          Entropy (8bit):5.385096169417585
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:07bju28t6QuagV1ZztzYpZ4MYnYM/LDBW5Mx0q20wCbKZL3wfzkCh1f/5FEs6rYr:6JVzbf55Z
                                                                                                                                                                                                                          MD5:0BF28AFF31E8887E27C4CD96D3069816
                                                                                                                                                                                                                          SHA1:B5313CF6B5FBCE7E97E32727A3FAE58B0F2F5E97
                                                                                                                                                                                                                          SHA-256:2E1D413442DEF9CAE2D93612E3FD04F3AFAF3DD61E4ED7F86400D320AF5500C2
                                                                                                                                                                                                                          SHA-512:95172B3B1153B31FCEB4B53681635A881457723CD1000562463D2F24712267B209B3588C085B89C985476C82D9C27319CB6378619889379DA4FAE1595CB11992
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........>...h.....i.....j.....k.....l.....n.....o."...p./...r.5...s.F...t.O...v.d...w.q...y.w...z.....|.....}...........................................................................................1.....<.....E.....g.....s.....{.....................................................+.....<.....I.....W..............................................."...........j.......................................................................,.....M.....p.......................................................................T.....b.....l.........................................+.....:.....R.....U.....l...................................................................................[.......................$.....9.....N.................................................................X.........................................$.....E.....O... .[...".t...%.....(.....*.....+.....,.........../.#...0.1...1.n...3.....4.....5.....6.....7.....8.4...9.J...;.]...<.k...=.}...>.....?.....@.....A.....C.(...D.:.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\gu.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):879149
                                                                                                                                                                                                                          Entropy (8bit):4.32399215971305
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:Xz2UMY57hmdUoITsKMaWZKerbtsMhmksd4M+0+z20QmuOAl5VpvoxWnhygfZw/gQ:D2UMY57h9w4MSbsp5cLhdKE8
                                                                                                                                                                                                                          MD5:7B5F52F72D3A93F76337D5CF3168EBD1
                                                                                                                                                                                                                          SHA1:00D444B5A7F73F566E98ABADF867E6BB27433091
                                                                                                                                                                                                                          SHA-256:798EA5D88A57D1D78FA518BF35C5098CBEB1453D2CB02EF98CD26CF85D927707
                                                                                                                                                                                                                          SHA-512:10C6F4FAAB8CCB930228C1D9302472D0752BE19AF068EC5917249675B40F22AB24C3E29EC3264062826113B966C401046CFF70D91E7E05D8AADCC0B4E07FEC9B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........N...h.....i.....j.$...k.3...l.>...n.F...o.K...p.X...r.^...s.o...t.x...v.....w.....y.....z.....|.....}.............................................................................................................T.....l.................'.....).....5.....].......................4.....S.....i.............................l.................................................................'.....k.....t.....w.............................a.................;.....[.....n.....v.....}.......................+.....:.....f.......................X.....y...........].....s...................................6.....X.....w...............................................-.....L.....c....................... .....B.................Q.............................3.....?.....K.....}...................................o.............................3.....[... .a...".....%.....(.....*.g...+.j...,.........../.....0.....1.~...3.....4.....5.....6.[...7.....8.....9.....;.Q...<.h...=.....>.....?.....@.....A.D...C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\he.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):544193
                                                                                                                                                                                                                          Entropy (8bit):4.6265566170608325
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:DczykRrlOUmTU2/S9iyBZ60DAf1X2VeQCap4M52QoLpMzu5flmd9DnwWHQgZ:+F55VoQ
                                                                                                                                                                                                                          MD5:6D787DC113ADFB6A539674AF7D6195DB
                                                                                                                                                                                                                          SHA1:F966461049D54C61CDD1E48EF1EA0D3330177768
                                                                                                                                                                                                                          SHA-256:A976FAD1CC4EB29709018C5FFCC310793A7CEB2E69C806454717CCAE9CBC4D21
                                                                                                                                                                                                                          SHA-512:6748DAD2813FC544B50DDEA0481B5ACE3EB5055FB2D985CA357403D3B799618D051051B560C4151492928D6D40FCE9BB33B167217C020BDCC3ED4CAE58F6B676
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........)...h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.%...v.:...w.G...y.M...z.\...|.b...}.t.....|.............................................................................2.....K.....^.....w.....................................................4.....O.....f.....y.............................%.....:....._.....r.....z...................................9.....A.....K.....g...............................................C.....m............................................... .....<.....d.....n...................................2.....}...................................!.....$.....7.....N.....a.....y................................................................._.........../.....9.............................".....:.....@.....L.....].....e.............................$....._............................................. .1...".L...%.}...(.....*.....+.....,.........../.....0.....1.W...3.l...4.....5.....6.....7.....8.1...9.E...;.Z...<.t...=.....>.....?.....@.....A.B...C.u.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\hi.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):921748
                                                                                                                                                                                                                          Entropy (8bit):4.3093889077968495
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:zGFGsUtYgPLdROwJgdkFSvf4QAEm5dmGhsYK/GR3TX4/NMdpqdYnLsuFQdXPtg8y:zGEAgT/Zu5J57JtK
                                                                                                                                                                                                                          MD5:1766A05BE4DC634B3321B5B8A142C671
                                                                                                                                                                                                                          SHA1:B959BCADC3724AE28B5FE141F3B497F51D1E28CF
                                                                                                                                                                                                                          SHA-256:0EEE8E751B5B0AF1E226106BEB09477634F9F80774FF30894C0F5A12B925AC35
                                                                                                                                                                                                                          SHA-512:FAEC1D6166133674A56B5E38A68F9E235155CC910B5CCEB3985981B123CC29EDA4CD60B9313AB787EC0A8F73BF715299D9BF068E4D52B766A7AB8808BD146A39
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........"...h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.,...w.9...y.?...z.N...|.T...}.f.....n.....s.....{.....................................................6.....X.....}.............................&.....@...................................%.....S.....y.......................&.............................Z.....j.....................................................2.....n.....w.....z.......................A.................).....o..............................................._.....n.................7.....T...............................................$.....n.....q............................./.....b.....i.....l.....n.........................................R...................................Z.....z...................................5.................q.................\...................................0... .K...".k...%.....(.....*.2...+.5...,.S........./.....0.....1.p...3.....4.....5.....6._...7.....8.....9.....;.^...<.r...=.....>.....?.....@.....A.;...C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\hr.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):423481
                                                                                                                                                                                                                          Entropy (8bit):5.516218200944141
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:yL0fCmEZW/FhjNmvgVRTKBOS+/6ocIG0uPXuyAF6WI6DkYAiKbeM/ogQbn7xjemW:QYCmNLjN3pV5v5tE77ORS
                                                                                                                                                                                                                          MD5:8F9498D18D90477AD24EA01A97370B08
                                                                                                                                                                                                                          SHA1:3868791B549FC7369AB90CD27684F129EBD628BE
                                                                                                                                                                                                                          SHA-256:846943F77A425F3885689DCF12D62951C5B7646E68EADC533B8B5C2A1373F02E
                                                                                                                                                                                                                          SHA-512:3C66A84592DEBE522F26C48B55C04198AD8A16C0DCFA05816825656C76C1C6CCCF5767B009F20ECB77D5A589EE44B0A0011EC197FEC720168A6C72C71EBF77FD
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........h...h.2...i.C...j.O...k.^...l.i...n.q...o.v...p.....r.....s.....t.....v.....w.....y.....z.....|.....}...........................................%.....,.....-...........0.....Y.....e.....q.................................................................A.....T.....p.....x...........................................................".....*.....8.....G.....X.............................................................................%.....B.....c.......................................................................G.....U.....a.....w.............................................../.....2.....B.....S.....f.....|.................................................................(.....g.............................8.....l.....{.....................................................I.....h................................................... .....".0...%.U...(.r...*.....+.....,.........../.....0.....1.....3.)...4.F...5.d...6.....7.....8.....9.....;.....<.....=.....>.4...?.=...@.N...A.....C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\hu.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):456789
                                                                                                                                                                                                                          Entropy (8bit):5.643595706627357
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:SGAK2lkJ2gSSSfLOAYkky1MV5QgsZfGRAxY62R9PSam7EEOEeLvx5gR4RStG2r2/:pAKWkJ2gSsAkV5QgsiR4747vx5VL/
                                                                                                                                                                                                                          MD5:F5E1CA8A14C75C6F62D4BFF34E27DDB5
                                                                                                                                                                                                                          SHA1:7ABA6BFF18BDC4C477DA603184D74F054805C78F
                                                                                                                                                                                                                          SHA-256:C0043D9FA0B841DA00EC1672D60015804D882D4765A62B6483F2294C3C5B83E0
                                                                                                                                                                                                                          SHA-512:1050F96F4F79F681B3EAF4012EC0E287C5067B75BA7A2CBE89D9B380C07698099B156A0EB2CBC5B8AA336D2DAA98E457B089935B534C4D6636987E7E7E32B169
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........6...h.....i.....j.....k.....l.....n.....o.....p.....r.#...s.4...t.=...v.R...w._...y.e...z.t...|.z...}.....................................................................................2.....G.....W.....q.....................................................9.....X.....d.....}...............................................0.....5.....;.....N.....^.....s.....................................................-.....G.....d.....z.......................#.....?.....H.....P.....W.....].....l...............................................(.....Q.....x...........................................................;.....`.....u.....|...............................................1.......................b.....w...........................................................K.....l.......................5.....L.....T....._.....w............... .....".....%.....(.....*.8...+.;...,.Y.....j.../.....0.....1.....3.....4.....5.....6.P...7.k...8.....9.....;.....<.....=.....>.....?.....@.....A.0...C.U...D.b.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\id.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):373937
                                                                                                                                                                                                                          Entropy (8bit):5.37852966615304
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:Fl9jv1p49ahfjDVnjHFsRmP28Wvr5PdhpvtEDSVsEaOq:FlLpblVnjHFCm+8Sr5Pdhzq
                                                                                                                                                                                                                          MD5:7B39423028DA71B4E776429BB4F27122
                                                                                                                                                                                                                          SHA1:CB052AB5F734D7A74A160594B25F8A71669C38F2
                                                                                                                                                                                                                          SHA-256:3D95C5819F57A0AD06A118A07E0B5D821032EDCF622DF9B10A09DA9AA974885F
                                                                                                                                                                                                                          SHA-512:E40679B01AB14B6C8DFDCE588F3B47BCAFF55DBB1539B343F611B3FCBD1D0E7D8C347A2B928215A629F97E5F68D19C51AF775EC27C6F906CAC131BEAE646CE1A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........@...h.....i.....j.....k.....l.....n.!...o.&...p.3...r.9...s.J...t.S...v.h...w.u...y.{...z.....|.....}.................................................................................................5.....=.....T.....[.....e.......................................................................,.....J.....[.....h.............................................................................;.....?.....B.....G.....[.....j.....~.................................................................*.....F.....L.....a.........................................6.....H.....Q.....\.....r.........................................................................................!.....'.....3.....a.........................................C.....M.....Y.....`.....h.....o.....v.........................................>.....Q.....V.....\.....i............... .....".....%.....(.....*.....+.....,.#.....3.../.B...0.F...1.z...3.....4.....5.....6.....7.....8.....9.'...;.5...<.>...=.K...>.`...?.h...@.y...A...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\it.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):414412
                                                                                                                                                                                                                          Entropy (8bit):5.287149423624235
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:8cPuDjrpxctogSrqRrhsO11RT9TeexAGTL6+q2WKLV9fLwY+25OM388HrmwGWNBI:8cmDZREZJy8KL1LjAS5ZzoC
                                                                                                                                                                                                                          MD5:D58A43068BF847C7CD6284742C2F7823
                                                                                                                                                                                                                          SHA1:497389765143FAC48AF2BD7F9A309BFE65F59ED9
                                                                                                                                                                                                                          SHA-256:265D8B1BC479AD64FA7A41424C446139205AF8029A2469D558813EDD10727F9C
                                                                                                                                                                                                                          SHA-512:547A1581DDA28C5C1A0231C736070D8A7B53A085A0CE643A4A1510C63A2D4670FF2632E9823CD25AE2C7CDC87FA65883E0A193853890D4415B38056CB730AB54
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........S...h.....i.....j.%...k.4...l.?...n.G...o.L...p.Y...r._...s.p...t.y...v.....w.....y.....z.....|.....}.........................................................................1.....D.....S.....l.....w.................................................................?.....F.....V.....d.....p.....}...............................................!.....7.....k.............................................................................O.....t.......................................................................>.....L.....Y.....v...........................................................3.....H.....[.....s.................................................................*.....u.............................,.....R.....Z.....n.....w...............................................3.....N............................................. .....".....%.....(.(...*.D...+.G...,.e.....v.../.....0.....1.....3.....4.....5.....6.}...7.....8.....9.....;.....<.....=.....>.....?.....@./...A.]...C.....D...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\ja.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):505292
                                                                                                                                                                                                                          Entropy (8bit):5.701779406023226
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:rO2YZ2QUgbjicTver049pUVOT6z4Z72hA/Na4oQPkwaIAOenOIUNH7bbeCcX5RWX:rOpZ2eH/IzSVKo4Z728owPS58HRxVX
                                                                                                                                                                                                                          MD5:D10D536BCD183030BA07FF5C61BF5E3A
                                                                                                                                                                                                                          SHA1:44DD78DBA9F098AC61222EB9647D111AD1608960
                                                                                                                                                                                                                          SHA-256:2A3D3ABC9F80BAD52BD6DA5769901E7B9E9F052B6A58A7CC95CE16C86A3AA85A
                                                                                                                                                                                                                          SHA-512:C67AEDE9DED1100093253E350D6137AB8B2A852BD84B6C82BA1853F792E053CECD0EA0519319498AED5759BEDC66D75516A4F2F7A07696A0CEF24D5F34EF9DD2
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..........y.h.....i.....j.....k.....l.....m.....o.....p.....v.....w.....y.....z.....|.....}.0.....8.....=.....E.....P.....X.....g.....l.....t.....{...............................................$.....*.....<.....d.....y...................................).....S.....t...............................................'.....H.....c.....i.....x.............................5.....;.....M.....k...............................................E.....u.....................................................+.....R.....^.............................Q.....~...............................................#.....8.....d...........................................................V...........,.....2...................................5.....>.....J.....P.....Y.....t.............................8............................................. .....".....%.I...(.....*.....+.....,.........../.....0.#...1.h...3.....4.....5.....6.....7.4...8.R...9.p...;.....<.....=.....>.....?.....@.....A.E...C.l...D.....E.....F.....G...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\kn.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1012272
                                                                                                                                                                                                                          Entropy (8bit):4.2289205973296395
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:VxaK34cS7yFcH4dr/4g7M5iVUZ+xw+UFV:jf7/K5uUb
                                                                                                                                                                                                                          MD5:C548A5F1FB5753408E44F3F011588594
                                                                                                                                                                                                                          SHA1:E064AB403972036DAD1B35ABE9794E95DBE4CC00
                                                                                                                                                                                                                          SHA-256:890F50A57B862F482D367713201E1E559AC778FC3A36322D1DFBBEF2535DD9CB
                                                                                                                                                                                                                          SHA-512:6975E4BB1A90E0906CF6266F79DA6CC4AE32F72A6141943BCFCF9B33F791E9751A9AAFDE9CA537F33F6BA8E4D697125FBC2EC4FFD3BC35851F406567DAE7E631
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........m...h.<...i.M...j.Y...k.h...l.s...n.{...o.....p.....r.....s.....t.....v.....w.....y.....z.....|.....}...............................!.....(...../.....6.....7.....8.....=.................=.....}......................./.....A.............................:.......................&.....d.................-.....U.................6.....N.....j.................L.............................4.....C.....F.....d.................4.................e.........................................P.....o...............................................J...........,.....H.....v.................(.....+.....e.......................G.....................................................(...........V...................................H.....`.....................................................c.................e.......................0.....k......... .....".....%._...(.....*.....+.....,.......4.../.l...0.....1.....3.7...4.....5.....6.U...7.....8.....9.....;.O...<.l...=.....>.....?.....@.....A.....C.....D...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\ko.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):425545
                                                                                                                                                                                                                          Entropy (8bit):6.081959799252044
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:4Y3l9B6CI1zt8OhrJRFJCqM5T718I8Mtmq7hUoBAA:aZJo5D8GAA
                                                                                                                                                                                                                          MD5:B4FBFF56E4974A7283D564C6FC0365BE
                                                                                                                                                                                                                          SHA1:DE68BD097DEF66D63D5FF04046F3357B7B0E23AC
                                                                                                                                                                                                                          SHA-256:8C9ACDE13EDCD40D5B6EB38AD179CC27AA3677252A9CD47990EBA38AD42833E5
                                                                                                                                                                                                                          SHA-512:0698AA058561BB5A8FE565BB0BEC21548E246DBB9D38F6010E9B0AD9DE0F59BCE9E98841033AD3122A163DD321EE4B11ED191277CDCB8E0B455D725593A88AA5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:............h.z...i.....j.....k.....l.....m.....o.....p.....r.....s.....t.....y.....z.....|.....}.......$.....).....1.....<.....D.....S.....X....._.....f.....h.....m...........................................................e.....u.....w.....{...............................................'.....F.....S.....f.....z...............................................$.....*.....3.....F.....Y....._.....b.....h.........................................8.....O.....U.....].....d.....m.....z................................... .....-.....W.....t.........................................,...../.....<.....L.....Y.....r.....................................................".......................s.................................................................=.....T...................................!.....'.....=.....O.....\... ._...".i...%.....(.....*.....+.....,.+.....A.../.^...0.j...1.....3.....4.....5.....6.=...7.S...8.j...9.z...;.....<.....=.....>.....?.....@.....A.....C.6...D.F...E.g...F.~...G...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\lt.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):457220
                                                                                                                                                                                                                          Entropy (8bit):5.634955727013476
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:Ca5OlSk7unX4nkokvgneIVUoCb1DD7U5R3zv9dFaL8tx9e2lJ2I96S2:Ca5Olrpgme2UoC9c59zv9fx9eoP6S2
                                                                                                                                                                                                                          MD5:980C27FD74CC3560B296FE8E7C77D51F
                                                                                                                                                                                                                          SHA1:F581EFA1B15261F654588E53E709A2692D8BB8A3
                                                                                                                                                                                                                          SHA-256:41E0F3619CDA3B00ABBBF07B9CD64EC7E4785ED4C8A784C928E582C3B6B8B7DB
                                                                                                                                                                                                                          SHA-512:51196F6F633667E849EF20532D57EC81C5F63BAB46555CEA8FAB2963A078ACDFA84843EDED85C3B30F49EF3CEB8BE9E4EF8237E214EF9ECFF6373A84D395B407
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........U...h.....i.....j.)...k.8...l.C...n.K...o.P...p.]...r.c...s.t...t.}...v.....w.....y.....z.....|.....}.........................................................................8.....F.....S.....g.....r.....................................................5.....T.....m.....v...............................................!.....6.....=.....F.....S.....a.....u.....................................................&.....<.....Z.....w.............................5.....>.....F.....M.....X.....j.....................................................-.....T.....m.....{.................................................................H.....O.....R.....S.....].....h.....o.....y.................).....x.............................G.....X.....v...............................................B.....d...............................................)... .>...".N...%.m...(.....*.....+.....,.........../.!...0.$...1.U...3.f...4.....5.....6.....7. ...8.@...9.T...;.b...<.s...=.....>.....?.....@.....A.....C.:.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\lv.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):455871
                                                                                                                                                                                                                          Entropy (8bit):5.635474464056208
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:GOQDGtu4e+D8NHtVFHTPq7K4vHo4q3sb3755ZanXDEG9Aarl4zxmEA5QXls14:GOQUZ2Gu4vTqw75KEGGmEs14
                                                                                                                                                                                                                          MD5:E4F7D9E385CB525E762ECE1AA243E818
                                                                                                                                                                                                                          SHA1:689D784379BAC189742B74CD8700C687FEEEDED1
                                                                                                                                                                                                                          SHA-256:523D141E59095DA71A41C14AEC8FE9EE667AE4B868E0477A46DD18A80B2007EF
                                                                                                                                                                                                                          SHA-512:E4796134048CD12056D746F6B8F76D9EA743C61FEE5993167F607959F11FD3B496429C3E61ED5464551FD1931DE4878AB06F23A3788EE34BB56F53DB25BCB6DF
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........e...h.,...i.=...j.I...k.X...l.c...n.k...o.p...p.}...r.....s.....t.....v.....w.....y.....z.....|.....}.................................................&.....'.....(.....*.....O.....b.....u.....................................................!.....%.....M.....].....s.....z...............................................!.....2.....8.....>.....Q.....e.....{...........................................................%.....7.....I.....g.....}...........................................................3.....7.....P.........................................+.....<.....O.....d.....v...........................................................".....#.....-.....8.....@.....G.....Y.................-.....8...................................%.....,.....;.....>.....I....._.............................#.....T.....i.....p.....y..................... .....".....%.....(.....*.....+.1...,.O.....r.../.....0.....1.....3.....4.....5.!...6.\...7.|...8.....9.....<.....=.....>.....?.....@.....A.9...C.X...D.e.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\ml.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1056673
                                                                                                                                                                                                                          Entropy (8bit):4.264965642462621
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:AYtrLnsoR47/R7nUwmoMmWDcZubSA/d+8di3ethK5d/7dxOt3ab:lt0oNwMi3eG5d/7Ot3c
                                                                                                                                                                                                                          MD5:8B38C65FC30210C7AF9B6FA0424266F4
                                                                                                                                                                                                                          SHA1:116413710FFCF94FBFA38CB97A47731E43A306F5
                                                                                                                                                                                                                          SHA-256:E8DF9A74417C5839C531D7CCAB63884A80AFB731CC62CBBB3FD141779086AC7D
                                                                                                                                                                                                                          SHA-512:0FD349C644AC1A2E7ED0247E40900D3A9957F5BEF1351B872710D02687C934A8E63D3A7585E91F7DF78054AEFF8F7ABD8C93A94FCD20C799779A64278BAB2097
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........j...h.6...i.G...j.S...k.b...l.m...n.u...o.z...p.....r.....s.....t.....v.....w.....y.....z.....|.....}.....................................".....).....0.....1.....2.....7.................".....b.....}.......................N...........3.....5.....9.....a.......................M.....{.................@.....n...........!.....e.............................'.......................C.....}.............................H.................=.................P.....~.........................................v.................I.....j.........................................b...................................q.......................b.....i.....l.....n.............................1...........q.....'.....E...........N...........(.....`...................................;.............................Y.....4.............................;.....k... .....".....%.n...(.....*.....+.....,.M........./.....0.....1.}...3.....4.....5.>...6.....7.....8.....9.....;.....<.8...=.X...>.....?.....@.....A.....C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\mr.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):863911
                                                                                                                                                                                                                          Entropy (8bit):4.295071040310227
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:OVDue+/Ti/eFcDX6WRAWXXspvidz0F5MU9G3GRe3RQR3K5/knxi4nou4bmHwIZus:eueAi2FZW2bo26lp70Kte5zGpGiBs
                                                                                                                                                                                                                          MD5:C0EF1866167D926FB351E9F9BF13F067
                                                                                                                                                                                                                          SHA1:6092D04EF3CE62BE44C29DA5D0D3A04985E2BC04
                                                                                                                                                                                                                          SHA-256:88DF231CF2E506DB3453F90A797194662A5F85E23BBAC2ED3169D91A145D2091
                                                                                                                                                                                                                          SHA-512:9E2B90F3AC1AE5744C22C2442FBCD86A8496AFC2C58F6CA060D6DBB08AF6F7411EF910A7C8CA5AEDEE99B5443D4DFF709C7935E8322CB32F8B071EE59CAEE733
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........(...h.....i.....j.....k.....l.....n.....o.....p.....r.....s.#...t.,...v.A...w.N...y.T...z.c...|.i...}.{.......................................................................9.....[.....}...................................!...................................).....\.............................?.......................&.....E.....a.....w.......................[...............................................4.....^.......................L...................................&.....2.....U.....n.......................i.....................................................;.....X.........................................:.....m.....t.....w.....y.........................................7...................................-.....F.....f.....o.............................".....v.................O.............................?.....t......... .....".....%.,...(.b...*.....+.....,.........../.?...0.L...1.....3.....4.....5.P...6.....7.....8.:...9.b...;.....<.....=.....>.....?.....@.I...A.}...C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\ms.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):390303
                                                                                                                                                                                                                          Entropy (8bit):5.258177538585681
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:zCsFFfyrvxoQuXkulRopY/5BI8T5sHAVHMM/k3y:tQxoNlR6K5v5vVsMZ
                                                                                                                                                                                                                          MD5:9B3E2F3C49897228D51A324AB625EB45
                                                                                                                                                                                                                          SHA1:8F3DAEC46E9A99C3B33E3D0E56C03402CCC52B9D
                                                                                                                                                                                                                          SHA-256:61A3DAAE72558662851B49175C402E9FE6FD1B279E7B9028E49506D9444855C5
                                                                                                                                                                                                                          SHA-512:409681829A861CD4E53069D54C80315E0C8B97E5DB4CD74985D06238BE434A0F0C387392E3F80916164898AF247D17E8747C6538F08C0EF1C5E92A7D1B14F539
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........c...h.(...i.0...j.<...k.K...l.V...n.^...o.c...p.p...r.v...s.....t.....v.....w.....y.....z.....|.....}................................................................... .....J.....].....q.................................................................<.....R.....r.....{.......................................................................+.....;.....J.....y.............................................................................6.....S.....w.............................................................................:.....S....._.................................................................0.....I.....`.....s.....z.....}.....~.....................................................M.....T.................................................................2.....N.....f.....................................................,.....:... .=...".I...%.u...(.....*.....+.....,.........../.....0.....1.....3.;...4.Z...5.m...6.....7.....8.....9.....;.....<.....=.....>.:...?.B...@.W...A...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\nb.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):383011
                                                                                                                                                                                                                          Entropy (8bit):5.424530593988954
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:rmRAsByIhGvbSqOp7f21zg2mKP7s4Uzwn5el4nYHOp1D:rmRGxvbSqOp7f21vs4kM5el4Jp1D
                                                                                                                                                                                                                          MD5:AF0FD9179417BA1D7FCCA3CC5BEE1532
                                                                                                                                                                                                                          SHA1:F746077BBF6A73C6DE272D5855D4F1CA5C3AF086
                                                                                                                                                                                                                          SHA-256:E900F6D0DD9D5A05B5297618F1FE1600C189313DA931A9CB390EE42383EB070F
                                                                                                                                                                                                                          SHA-512:C94791D6B84200B302073B09357ABD2A1D7576B068BAE01DCCDA7BC154A6487145C83C9133848CCF4CB9E6DC6C5A9D4BE9D818E5A0C8F440A4E04AE8EABD4A29
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........S...h.....i.....j.+...k.:...l.E...n.M...o.R...p._...r.e...s.v...t.....v.....w.....y.....z.....|.....}.........................................................................3.....>.....M.....`.....h.....r.....................................................$.....<.....A.....P.....a.....h.....t...........................................................).....\.....o.....v.....{...........................................................).....A.....Z.....e.....i.....q.....x.....~...........................................................5.....X.....n.....w.........................................................................................!.....).....4.....;.....F.....v.......................>.....X.....p...........................................................&.....?.....W................................................... .....".....%. ...(.@...*.c...+.f...,.........../.....0.....1.....3.....4.....5.....6.L...7.c...8.....9.....;.....<.....=.....>.....?.....@.....A.....C.".

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\nl.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):395064
                                                                                                                                                                                                                          Entropy (8bit):5.365550895872654
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:9V01rV7gSsX5SEHDpaQe3D+qnRVd5qYx1Gp7KhaPW:96NFgSsX5S1V7d5qYx1Gp7KcPW
                                                                                                                                                                                                                          MD5:181D2A0ECE4B67281D9D2323E9B9824D
                                                                                                                                                                                                                          SHA1:E8BDC53757E96C12F3CD256C7812532DD524A0EA
                                                                                                                                                                                                                          SHA-256:6629E68C457806621ED23AA53B3675336C3E643F911F8485118A412EF9ED14CE
                                                                                                                                                                                                                          SHA-512:10D8CC9411CA475C9B659A2CC88D365E811217D957C82D9C144D94843BC7C7A254EE2451A6F485E92385A660FA01577CFFA0D64B6E9E658A87BEF8FCCBBEAF7E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........E...h.....i.....j.....k.....l.#...n.+...o.0...p.=...r.C...s.T...t.]...v.r...w.....y.....z.....|.....}...............................................................................$.....4.....E.....N.....W.....r.....z.....................................................'.....7.....I.....V.....c...........................................................!.....`.....u.....z...........................................................+.....G.....f.......................................................................9.....E.....].....v.....................................................2.....F.....Y.....t.................................................................'.....a...................................<.....I.....Y.....a.....j.....n.....r...................................".....O.....d.....m.....x..................... .....".....%.....(.....*.....+.....,.!.....2.../.I...0.S...1.....3.....4.....5.....6.....7.....8.;...9.J...;.Z...<.h...=.v...>.....?.....@.....A.....C.....D...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\pl.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):439920
                                                                                                                                                                                                                          Entropy (8bit):5.766175831058526
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:f2jujSo9/D+Xgv3iWGb1vPiCUdhUo3Ymhz1QhjAB5cUE447e:Sc3N1Qhw5me
                                                                                                                                                                                                                          MD5:18D49D5376237BB8A25413B55751A833
                                                                                                                                                                                                                          SHA1:0B47A7381DE61742AC2184850822C5FA2AFA559E
                                                                                                                                                                                                                          SHA-256:1729AA5C8A7E24A0DB98FEBCC91DF8B7B5C16F9B6BB13A2B0795038F2A14B981
                                                                                                                                                                                                                          SHA-512:45344A533CC35C8CE05CF29B11DA6C0F97D8854DAE46CF45EF7D090558EF95C3BD5FDC284D9A7809F0B2BF30985002BE2AA6A4749C0D9AE9BDFF4AD13DE4E570
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........T...h.....i.....j.%...k.4...l.?...n.G...o.L...p.Y...r._...s.p...t.y...v.....w.....y.....z.....|.....}.........................................................................6.....E.....S.....h.....q...........................................................3.....M.....S.....g.....|.................................................................).....;.....n.............................................................................2.....N.....i.....{.................................................................+.....6.....V.....c...........................................................(.....7.....M.....d.....{...........................................................T.............................,.....i.....r.....................................................7.....V.....r............................................. .....".)...%.K...(.c...*.....+.....,.........../.....0.....1.....3.,...4.K...5.i...6.....7.....8.....9.....;.....<.....=.....>.....?.$...@.7...A.{...C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\pt-BR.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):415447
                                                                                                                                                                                                                          Entropy (8bit):5.426006792591415
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:Bm1HqF4Znh9GzBtNBXBLd1OUDcpryHF55NJND0bsRzlb2:UHrnhMzX5PJB4sRxC
                                                                                                                                                                                                                          MD5:0D9DEA9E24645C2A3F58E4511C564A36
                                                                                                                                                                                                                          SHA1:DCD2620A1935C667737EEA46CA7BB2BDCB31F3A6
                                                                                                                                                                                                                          SHA-256:CA7B880391FCD319E976FCC9B5780EA71DE655492C4A52448C51AB2170EEEF3B
                                                                                                                                                                                                                          SHA-512:8FCF871F8BE7727E2368DF74C05CA927C5F0BC3484C4934F83C0ABC98ECAF774AD7ABA56E1BF17C92B1076C0B8EB9C076CC949CD5427EFCADE9DDF14F6B56BC5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........j...h.6...i.G...j.S...k.b...l.m...n.u...o.z...p.....r.....s.....t.....v.....w.....y.....z.....|.....}.....................................".....).....0.....1.....2.....7....._.....q.....................................................#.....%.....).....T.....c.....|...................................................../.....F.....P.....X.....h.....y...........................................................%.....:.....H.....Y.....r.................................................................+.....5.....F.....~...............................................).....;.....S.....V.....g.....y.............................................................................=.....y............................. .....H.....R.....i.....p.....z...............................................3.....f....................................... .....".....%.....(.....*.(...+.+...,.I.....Z.../.n...0.w...1.....3.....4.....5.....6.-...7.A...8.Y...9.l...;.|...<.....=.....>.....?.....@.....A.....C.!...D.+.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\pt-PT.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):416977
                                                                                                                                                                                                                          Entropy (8bit):5.401132911995885
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:isWkrPyGJeOMqieJVJJxhlOlxLu3ov5xKqSR0B:X3PBxj8zv5xKqSRW
                                                                                                                                                                                                                          MD5:6A7232F316358D8376A1667426782796
                                                                                                                                                                                                                          SHA1:8B70FE0F3AB2D73428F19ECD376C5DEBA4A0BB6C
                                                                                                                                                                                                                          SHA-256:6A526CD5268B80DF24104A7F40F55E4F1068185FEBBBB5876BA2CB7F78410F84
                                                                                                                                                                                                                          SHA-512:40D24B3D01E20AE150083B00BB6E10BCA81737C48219BCE22FA88FAAAD85BDC8C56AC9B1EB01854173B0ED792E34BDFBAC26D3605B6A35C14CF2824C000D0DA1
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........s...h.H...i.Y...j.e...k.t...l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|.....}.........................%.....-.....4.....;.....B.....C.....D.....I.....r...........................................................&.....(.....,.....W.....f...........................................................!.....9.....C.....K.....\.....n.................................................................%.....3.....D.....b.................................................................#.....+.....<.....t.....~...............................................(.....:.....T.....W.....h.....|.............................................................................N...................................0.....X.....b.....|.....................................................;.....^............................................. .....".....%.....(.3...*.P...+.S...,.q........./.....0.....1.....3.....4.....5.8...6.....7.....8.....9.....;.....<.....=.....>.....?.....@.+...A.a...C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\ro.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):430191
                                                                                                                                                                                                                          Entropy (8bit):5.460617985170646
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:pqgw32K4aoFt3GgnSYn0vLi5OU6ois2a/7ulqr:pqgVzFt3GgnSY0vLi5OXo3/5r
                                                                                                                                                                                                                          MD5:99EAA3D101354088379771FD85159DE1
                                                                                                                                                                                                                          SHA1:A32DB810115D6DCF83A887E71D5B061B5EEFE41F
                                                                                                                                                                                                                          SHA-256:33F4C20F7910BC3E636BC3BEC78F4807685153242DD4BC77648049772CF47423
                                                                                                                                                                                                                          SHA-512:C6F87DA1B5C156AA206DC21A9DA3132CBFB0E12E10DA7DC3B60363089DE9E0124BBAD00A233E61325348223FC5953D4F23E46FE47EC8E7CA07702AC73F3FD2E9
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........L...h.....i.....j.....k.$...l./...n.7...o.<...p.I...r.O...s.`...t.i...v.~...w.....y.....z.....|.....}.........................................................................1.....@.....L.....Z.....e.....p...........................................................<.....E.....^.....n.....y...............................................+.....?.....T.................................................................M.....n...................................#.....+.....2.....8.....G.....Y.....n.....u...............................................T.....b.....t.....................................................,.....@.....G.....J.....K.....W.....c.....p.....y.................).....r.....z.............................9.....S.....d.....l.....r.....x.............................3.....V............................................. .....".....%.<...(.S...*.k...+.n...,.........../.....0.....1.....3.....4.'...5.G...6.....7.....8.....9.....;.....<.....=.....>.....?.....@.&...A._...C.....D...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\ru.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):703696
                                                                                                                                                                                                                          Entropy (8bit):4.836890612319527
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:ckXRY5eXN2hHO3j/jHXzvMBsiA2kkce8P/XyFGGJGswfaZ/LeUFCcYWIkHWajf+F:ck5LZ5w6pF
                                                                                                                                                                                                                          MD5:AB9902025DCF7D5408BF6377B046272B
                                                                                                                                                                                                                          SHA1:C9496E5AF3E2A43377290A4883C0555E27B1F10F
                                                                                                                                                                                                                          SHA-256:983B15DCC31D0E9A3DA78CD6021E5ADD2A3C2247322ADED9454A5D148D127AAE
                                                                                                                                                                                                                          SHA-512:D255D5F5B6B09AF2CDEC7B9C171EEBB1DE1094CC5B4DDF43A3D4310F8F5F223AC48B8DA97A07764D1B44F1D4A14FE3A0C92A0CE6FE9A4AE9A6B4A342E038F842
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..........S.h.....i.....j.....k.....l.....n.#...o.(...p.5...r.;...s.L...t.U...v.j...w.w...y.}...z.....|.....}.........................................................................:.....W.....t.........................................E.....l.....n.....r...................................(.....A.....K.............................3.....?.....b.......................+.....5.....F.....[.....v.........................................8.....f.........................................*.....K.....e...................................H.....i.............................7.....t.....w...................................B.....I.....L.....M.....].....q...................................>.....J.................#.....e.........................................6.....t.................:.......................#.....7.....G.....w......... .....".....%.....(.....*.....+.....,.........../.....0.....1.]...3.t...4.....5.....6.N...7.r...8.....9.....;.....<.....=.....>.8...?.G...@.f...A.....C.!...D.2...E.j...F...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\sk.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):443094
                                                                                                                                                                                                                          Entropy (8bit):5.818852266406701
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:vQt/WMWyqiLJcPXPk5ELALWaQlKDEmLFGR:vQYfyqiWPXM5ELALWaQlwdLE
                                                                                                                                                                                                                          MD5:C6C7396DBFB989F034D50BD053503366
                                                                                                                                                                                                                          SHA1:089F176B88235CCE5BCA7ABFCC78254E93296D61
                                                                                                                                                                                                                          SHA-256:439F7D6C23217C965179898754EDCEF8FD1248BDD9B436703BF1FF710701117A
                                                                                                                                                                                                                          SHA-512:1476963F47B45D2D26536706B7EEBA34CFAE124A3087F7727C4EFE0F19610F94393012CDA462060B1A654827E41F463D7226AFA977654DCD85B27B7F8D1528EB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........U...h.....i. ...j.,...k.;...l.F...n.N...o.S...p.`...r.f...s.w...t.....v.....w.....y.....z.....|.....}.........................................................................A.....U.....].....o.....z.....................................................9.....R.....q.....w...............................................!.....0.....6.....>.....N....._.....s.....................................................$.....:.....L.....h.......................................................................".....=.....|...............................................*.....9.....a.....d.....v...................................................................................d.......................t.........................................%.....0.....9.....P.....x.............................U.....r.....z........................... .....".....%.....(.....*.6...+.9...,.W.....h.../.....0.....1.....3.....4.....5.....6.D...7.Y...8.p...9.....;.....<.....=.....>.....?.....@.....A.(...C.I...D.T...E.t.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\sl.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):427791
                                                                                                                                                                                                                          Entropy (8bit):5.48540289392965
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:iyCeC3SMQRB21BPDwY5oEcAVOlJgi/fzxzqg:iTJ6kDwY5oEc0i/fzxt
                                                                                                                                                                                                                          MD5:D4BD9F20FD29519D6B017067E659442C
                                                                                                                                                                                                                          SHA1:782283B65102DE4A0A61B901DEA4E52AB6998F22
                                                                                                                                                                                                                          SHA-256:F33AFA6B8DF235B09B84377FC3C90403C159C87EDD8CD8004B7F6EDD65C85CE6
                                                                                                                                                                                                                          SHA-512:ADF8D8EC17E8B05771F47B19E8027F88237AD61BCA42995F424C1F5BD6EFA92B23C69D363264714C1550B9CD0D03F66A7CFB792C3FBF9D5C173175B0A8C039DC
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........A...h.....i.....j.....k.....l.....n.!...o.&...p.3...r.9...s.J...t.S...v.h...w.u...y.{...z.....|.....}.....................................................................................*.....:.....B.....R.....y...............................................,.....D.....N.....X.....b.....m.....{.................................................................M.....c.....h.....o...........................................................%.....C.....d.................................................................3.....=.....L.....c.....v.....................................................-.....@.....P.....e.....|.................................................................Y.............................2.....m.....z.....................................................2.....H.....o............................................. .....".....%.....(.P...*.t...+.w...,.........../.....0.....1.....3. ...4.<...5.Q...6.....7.....8.....9.....;.....<.....=.....>.....?.....@.,...A.....C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\sr.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):660194
                                                                                                                                                                                                                          Entropy (8bit):4.761695251077794
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:oLNvoUKEuNI0I4Ki1eg82ATs+Hc549x4moW037LJzk/k/N:xrnqJc5Axjw
                                                                                                                                                                                                                          MD5:CBB817A58999D754F99582B72E1AE491
                                                                                                                                                                                                                          SHA1:6EC3FD06DEE0B1FE5002CB0A4FE8EC533A51F9FD
                                                                                                                                                                                                                          SHA-256:4BD7E466CB5F5B0A451E1192AA1ABAAF9526855A86D655F94C9CE2183EC80C25
                                                                                                                                                                                                                          SHA-512:EFEF29CEDB7B08D37F9DF1705D36613F423E994A041B137D5C94D2555319FFB068BB311884C9D4269B0066746DACD508A7D01DF40A8561590461D5F02CB52F8B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........e...h.,...i.=...j.I...k.X...l.c...n.k...o.p...p.}...r.....s.....t.....v.....w.....y.....z.....|.....}.................................................&.....'.....(.....*.....y............................. .....b.........................................?.....c.........................................?.....V.....o...................................3.....R...................................'.....1.....A.....M.....l.............................J.....................................................4.....@.....c.............................-.....l...................................P.....S.....n.....................................................%.....1.....J.....Y.....o.......................).................&.....n...............................................g.......................H...................................0.....E... .Y...".....%.....(.....*.....+."...,.@.....h.../.....0.....1.....3.....4.R...5.....6.....7.....8.B...9.v...;.....<.....=.....>.....?.....@.....A.....C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\sv.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):385361
                                                                                                                                                                                                                          Entropy (8bit):5.543491670458518
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:M4pITVzssdlJ9EAjiws8cB7xjpZ/4LLXru9M9SOxDE/xUDvZv5pB5mEgb7:BpIXzJ9V2B1q5/5mz
                                                                                                                                                                                                                          MD5:502E4A8B3301253ABE27C4FD790FBE90
                                                                                                                                                                                                                          SHA1:17ABCD7A84DA5F01D12697E0DFFC753FFB49991A
                                                                                                                                                                                                                          SHA-256:7D72E3ADB35E13EC90F2F4271AD2A9B817A2734DA423D972517F3CFF299165FD
                                                                                                                                                                                                                          SHA-512:BD270ABAF9344C96B0F63FC8CEC04F0D0AC9FC343AB5A80F5B47E4B13B8B1C0C4B68F19550573A1D965BB18A27EDF29F5DD592944D754B80EA9684DBCEDEA822
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........0...h.....i.....j.....k.....l.....n.....o.....p.....r.....s.*...t.3...v.H...w.U...y.[...z.j...|.p...}...........................................................................................!.....).....2.....M.....U.....`...........................................................&.....-.....:.....c.....t.........................................................../.....;.....C.....U.....e.....i.....s.....z...................................%.....H.....S.....Y.....a.....h.....n.....{.....................................................).....R.....q.....y.................................................................$.....+.........../.....7.....?.....J.....R.....].................".....).....u.................................................................'.....?.....k...............................................".....*... ./...".9...%.[...(.x...*.....+.....,.........../.....0.....1.....3.)...4.P...5.e...6.....7.....8.....9.....;.....<.....=.....>.....?.....@.%...A.Q...C.p.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\sw.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):404460
                                                                                                                                                                                                                          Entropy (8bit):5.342349721117576
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:icM47G565vqimUwbQuBndO8gJGgnATm5A1vZcsToe4t2ht:iy7GsP5Ar
                                                                                                                                                                                                                          MD5:39277AE2D91FDC1BD38BEA892B388485
                                                                                                                                                                                                                          SHA1:FF787FB0156C40478D778B2A6856AD7B469BD7CB
                                                                                                                                                                                                                          SHA-256:6D6D095A1B39C38C273BE35CD09EB1914BD3A53F05180A3B3EB41A81AE31D5D3
                                                                                                                                                                                                                          SHA-512:BE2D8FBEDAA957F0C0823E7BEB80DE570EDD0B8E7599CF8F2991DC671BDCBBBE618C15B36705D83BE7B6E9A0D32EC00F519FC8543B548422CA8DCF07C0548AB4
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........Y...h.....i.....j.+...k.:...l.E...n.M...o.R...p._...r.e...s.v...t.....v.....w.....y.....z.....|.....}.........................................................................3.....E.....U.....i.....u...........................................................+.....H.....N.....Z.....m.....z.....................................................$.....8.....E.....p.......................................................................8.....W.....{................................................................. .....[.....m.....{...................................(.....4.....K.....x.....{.........................................................................................+.....\...................................+.....P.....Z.....r.....x...............................................-.....L............................................. .....".....%.....(.7...*.S...+.V...,.t........./.....0.....1.....3.....4.....5.1...6.i...7.....8.....9.....;.....<.....=.....>.....?.....@.....A.9.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\ta.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1043803
                                                                                                                                                                                                                          Entropy (8bit):4.044068430611977
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:LXNxfy+orMVjLn1ExBlhfg5yzntRMcA2i:rffyrrMFL1cB3g5yzMcA2i
                                                                                                                                                                                                                          MD5:7006691481966109CCE413F48A349FF2
                                                                                                                                                                                                                          SHA1:6BD243D753CF66074359ABE28CFAE75BCEDD2D23
                                                                                                                                                                                                                          SHA-256:24EA4028DA66A293A43D27102012235198F42A1E271FE568C7FD78490A3EE647
                                                                                                                                                                                                                          SHA-512:E12C0D1792A28BF4885E77185C2A0C5386438F142275B8F77317EB8A5CEE994B3241BB264D9502D60BFBCE9CF8B3B9F605C798D67819259F501719D054083BEA
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........(...h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.#...v.8...w.E...y.K...z.Z...|.`...}.r.....z.................................................................M.....{.............................v.......................n.....p.....t.................E.....c.......................;.......................0.....m...............................................$.....`...................................0.....y.................9.............................!.....(.....F.....n.......................3.............................F...........;.....`.......................7.....:.....n.................$.....Z.....................................................E.....#.......................Q.................c.............................#...../.....s.............................B.................*.....?.....d............... .....".....%.}...(.....*.O...+.R...,.p........./.....0.....1.u...3.....4.....5.....6.....7.]...8.....9.....;.'...<.G...=.j...>.....?.....@.....A.9...C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\te.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):965006
                                                                                                                                                                                                                          Entropy (8bit):4.295544641165274
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:wM9fKUyABW3p1F9SviTlw2cfgvNFOJgr/p54JVQJMwKpaJC28+58XoX0Doq9OyUk:wM9fKU6225jM9h
                                                                                                                                                                                                                          MD5:F809BF5184935C74C8E7086D34EA306C
                                                                                                                                                                                                                          SHA1:709AB3DECFF033CF2FA433ECC5892A7AC2E3752E
                                                                                                                                                                                                                          SHA-256:9BBFA7A9F2116281BF0AF1E8FFB279D1AA97AC3ED9EBC80C3ADE19E922D7E2D4
                                                                                                                                                                                                                          SHA-512:DE4B14DD6018FDBDF5033ABDA4DA2CB9F5FCF26493788E35D88C07A538B84FDD663EE20255DFD9C1AAC201F0CCE846050D2925C55BF42D4029CB78B057930ACD
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........o...h.@...i.Z...j.f...k.u...l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|.....}.........................&...........5.....<.....C.....D.....E.....J.................5.....r.............................#.............................8.....~.......................T.....v.......................x...........#.....A.....c.......................s.......................=...................................V.................v...........>.....s.........................................h.....}.................L.....g.................n.......................:.....c.............................".....R.........................................%.....L.....s.................k...................................1.............................A.....V.....e...........".....r...........P...........>.............................U.....|... .....".....%.....(.q...*.....+.....,.........../.n...0.....1.#...3.F...4.....5.....6.O...7.....8.....9.$...;.Q...<.n...=.....>.....?.....@.....A.Z.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\th.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):811437
                                                                                                                                                                                                                          Entropy (8bit):4.342029978594925
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:1Jf31Mkgs3s5UWgHLRflsjj8cKGXdlogG0EeuLADh7Kle9dKj753ohP09XAyFHyJ:1Qzt5/5l
                                                                                                                                                                                                                          MD5:2C41616DFE7FCDB4913CFAFE5D097F95
                                                                                                                                                                                                                          SHA1:CF7D9E8AD3AA47D683E47F116528C0E4A9A159B0
                                                                                                                                                                                                                          SHA-256:F11041C48831C93AA11BBF885D330739A33A42DB211DACCF80192668E2186ED3
                                                                                                                                                                                                                          SHA-512:97329717E11BC63456C56022A7B7F5DA730DA133E3FC7B2CC660D63A955B1A639C556B857C039A004F92E5F35BE61BF33C035155BE0A361E3CD6D87B549DF811
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..........y.h.....i.....j.....k.....l.....o.....p.....r.....s.....t.....v.....w.....y.....z.,...|.2...}.D.....L.....Q.....Y.....d.....l.....q.....y.............................................................................(.....7................................... .....Y.....k.............................=.....\.....z.............................^.................d.....................................................J.....w.......................F.....y...............................................,.....J.....t.................".....y.................E.....c...................................&.....G.....d.....................................................;...........P.................n.................j.........................................9.......................C.....{...........5.....>.....S..................... .....".....%.?...(.....*.....+.....,.........../.U...0.h...1.....3.....4.V...5.....6.)...7.J...8.....9.....;.....<.....=.....>.X...?.....@.....A.....C. ...D.<...E.o.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\tr.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):411446
                                                                                                                                                                                                                          Entropy (8bit):5.6133974766805546
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:y1MAG26Pl1kY1bkQq/7I5NsA7WGgeh5X/0+gi1ZavXEAQwiBvVGI:9j2Yle66s5775X/R
                                                                                                                                                                                                                          MD5:3A858619502C68D5F7DE599060F96DB9
                                                                                                                                                                                                                          SHA1:80A66D9B5F1E04CDA19493FFC4A2F070200E0B62
                                                                                                                                                                                                                          SHA-256:D81F28F69DA0036F9D77242B2A58B4A76F0D5C54B3E26EE96872AC54D7ABB841
                                                                                                                                                                                                                          SHA-512:39A7EC0DFE62BCB3F69CE40100E952517B5123F70C70B77B4C9BE3D98296772F10D3083276BC43E1DB66ED4D9BFA385A458E829CA2A7D570825D7A69E8FBB5F4
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........}...h.\...i.m...j.w...k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|.....}.......".....'...../.....7.....?.....F.....M.....T.....U.....V.....X...........................................................L.....f.....h.....l.....................................................:.....O.....[.....~............................................... .....$.....,.....9.....N.....P.....S.....Z.....q.....................................................!.....(...../.....D.....X.....{.........................................3.....V.....e.....q.....|.............................................................................).....2.....9.....D.....L.....[.................!.....'.....o.................................................................9.....X.........................................!.....0.....G.....M... .X...".m...%.....(.....*.....+.....,.........../.....0.%...1.Z...3.g...4.}...5.....6.....7.....8.....9.2...;.B...<.M...=.Z...>.m...?.v...@.....A.....C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\uk.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):705061
                                                                                                                                                                                                                          Entropy (8bit):4.868598768447113
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:wrccq9nty/KiDswU1nbx05kB3IjUUmEg5KuoLNiXElqnOyh:HGX35EEK
                                                                                                                                                                                                                          MD5:EE70E9F3557B9C8C67BFB8DFCB51384D
                                                                                                                                                                                                                          SHA1:FC4DFC35CDE1A00F97EEFE5E0A2B9B9C0149751E
                                                                                                                                                                                                                          SHA-256:54324671A161F6D67C790BFD29349DB2E2D21F5012DC97E891F8F5268BDF7E22
                                                                                                                                                                                                                          SHA-512:F4E1DA71CB0485851E8EBCD5D5CF971961737AD238353453DB938B4A82A68A6BBAF3DE7553F0FF1F915A0E6640A3E54F5368D9154B0A4AD38E439F5808C05B9F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:............h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.,...|.2...}.D.....L.....Q.....Y.....a.....i.....p.....w.....~...................................!.....K.....d.....m.............................P.....R.....V.....~...................................%.....F.........................................1.....S.....y.............................!.....8.....Q.....[.....k.....{.............................A.....n.........................................(.....H.....l.....x.......................&.....=.........................................A.....D.....i.............................'...........1.....2.....B.....T.....f.....y.............................+.................$.....~...................................$.....R.......................<.....w.............................E.....u......... .....".....%.....(.....*.{...+.~...,.........../.....0. ...1.....3.....4.....5.....6.Z...7.}...8.....9.....;.....<.....=.....>.I...?.X...@.y...A.....C.1...D.J.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\ur.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):617109
                                                                                                                                                                                                                          Entropy (8bit):5.143761316646653
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:LbeI8PzGSEiyqkAXsA5rzTExbWW7mQYrjuUco/9NjjFpvIx:LbDwz5qWK
                                                                                                                                                                                                                          MD5:FF0A23974AEF88AFC86ECC806DBF1D60
                                                                                                                                                                                                                          SHA1:E7BAE97CBB8692A0D106644DFAA9B7D7EA6FCEF0
                                                                                                                                                                                                                          SHA-256:F245AB242AAFEEF37DB736C780476534FAD0706AA66DCB8B6B8CD181B4778385
                                                                                                                                                                                                                          SHA-512:AABE8160FAC7E0EB8E8EB80963FE995FA4A802147D1B8F605BC0FE3F8E2474463C1D313471C11C85EB5578112232FDC8E89B8A6D43DBE38A328538FF30A78D08
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........S...h.....i.....j.....k.+...l.6...n.>...o.C...p.P...r.V...s.g...t.p...v.....w.....y.....z.....|.....}.........................................................................v...............................................!.....c...............................................3.....Z.....g.............................:.....a.....k.....~.......................+.....\.....f.....y.........................................(.....J.....x.......................7.....F.....N.....U.....i...................................P.....c.....}.................(.....X.....g...............................................!.....?.....].....~.....................................................W.................C.............................!.....=.....C.....Q.....e.....k.......................^.......................+.....7.....L.....e............... .....".....%.....(.....*.K...+.N...,.l........./.....0.....1.....3.1...4.^...5.....6.....7.....8.S...9.l...;.....<.....=.....>.....?.....@.....A.....C.W.

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\vi.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):488196
                                                                                                                                                                                                                          Entropy (8bit):5.7988900625034185
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:gzLBn6cDgszBm0JXbwS1LcxzIJj758+UIi0+UELbzi830l:gpdDgsz00JrwSNizS5Hti0+UUvi830l
                                                                                                                                                                                                                          MD5:3FE6F90F1F990AED508DEDA3810CE8C2
                                                                                                                                                                                                                          SHA1:3B86F00666D55E984B4ACA1A5E8319FFA8F411FF
                                                                                                                                                                                                                          SHA-256:5EEBB23221AEBCF0BE01BFC2695F7DD35B17F6769BE1E28E5610D35C9717854B
                                                                                                                                                                                                                          SHA-512:9AA9D55F112C8B32AA636086CFD2161D97EA313CAC1A44101014128124A03504C992AC8EFD265ABA4E91787AEF7134A14507A600F5EC96FF82DF950A8883828C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:............h.j...i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|.!...}.3.....;.....@.....H.....P.....X....._.....f.....m.....n.....o.....q...............................................(.....2.....Y.....x.....z.....~................................... .....+.....D.....t...........................................................5.....L.....V.....a.....r...........................................................T.....q.................................................................o...................................<.....P.....[.....i.....|.........................................#.....:.....A.....D.....E.....N.....W.....c.....m.......................4.....C.....................................................2.....=....._.............................4.....i....................................... .....".....%.....(.E...*.j...+.m...,.........../.....0.....1.....3.....4.*...5.?...6.y...7.....8.....9.....;.....<.....=.....>.....?.'...@.I...A.u...C...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\zh-CN.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):354097
                                                                                                                                                                                                                          Entropy (8bit):6.680890808929274
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:gchsAAfyrtJw99jEaZx79+vKK4/+kTme5zBNCJ7GAmlv:gAAfyrtJAoaZ+vKK4/ye5zBNCJ7C
                                                                                                                                                                                                                          MD5:20F315D38E3B2EDC5832931E7770B62A
                                                                                                                                                                                                                          SHA1:2390BD585DEC1E884873454BB98B6F1467DCF7BB
                                                                                                                                                                                                                          SHA-256:53A803724BBF2E7F40AAB860325C348F786EECA1EA5CA39A76B4C4A616E3233F
                                                                                                                                                                                                                          SHA-512:C338E241DE3561707C7C275B7D6E0FB16185A8CD7112057C08B74FFCE122148EF693FE310C839FF93F102726A78E61DE3E68C8E324F445A07A98EE9C4FDD4E13
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..........?.h.....i.....j.....k.&...l.-...m.5...o.;...p.@...r.F...s.W...t.`...v.u...w.....|.....}...............................................................................%.....1.....C.....I.....\.....s.....y.....................................................#...../.....G.....S....._.................................................................+.....:.....@.....I.....[.....m.....s.....y...............................................$.....0.....6.....>.....E.....Q.....].....i............................................... .....D.....b.....q.....w............................................................................. .....5.....>.....G.....M.....W.....a.............................K.....].....o.................................................................,.....>.....g............................................. .....".....%.....(.)...*.>...+.A...,.n........./.....0.....1.....3.....4.....5.....6.N...7.c...8.x...9.....;.....<.....=.....>.....?.....@.....A.P...C.w...D...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\locales\zh-TW.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):350032
                                                                                                                                                                                                                          Entropy (8bit):6.69437398216595
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:BiwxICJkrCU2JLuRyMD+4qz5MHzCtMkZ/9ybT1:BiyS0pMD+4qz5MHzd6/o
                                                                                                                                                                                                                          MD5:524711882CBFB5B95A63EF48F884CFF0
                                                                                                                                                                                                                          SHA1:1078037687CFC5D038EEB8B63D295239E0EDC47A
                                                                                                                                                                                                                          SHA-256:9E16499CD96A155D410C8DF4C812C52FF2A750F8C4DB87FD891C1E58C1428C78
                                                                                                                                                                                                                          SHA-512:16D45A81F7F4606EDA9D12A8B1DA06E3C866B11BDC0C92A4022BFB8D02B885D8F028457CF23E3F7589DFD191ED7F7FBC68C81B6E1411834EDFCBC9CC85E0DC4D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..........\.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.-...t.6...v.K...w.X...y.^...z.m...|.s...}..................................................................................... .....8.....N.....Z.....m...........................................................!.....*.....6.....S.....`.....l.....~.......................................................................#.....)...../.....5.....M.....\.....k.....}.............................................................................'.....T.....`.....l.....................................................,...../.....;.....M....._.....s.............................................................................I.....v.....|...............................................!.....'.....-.....?.....i.....................................................$.....8.....A... .M..."._...%.z...(.....*.....+.....,.........../.....0.....1.@...3.Q...4.i...5.....6.....7.....8.....9.....;.....<.....=.-...>.F...?.P...@.e...A.....C.....D...

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\resources.pak

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):5245458
                                                                                                                                                                                                                          Entropy (8bit):7.995476669559971
                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                          SSDEEP:98304:HLYxfQVcnNWz49PDq2AwpmqdhBh1Dd42cjrwrbHw4o0DPelwG3RC:H0pQGcMButuBhpd4jkrU4oeelrRC
                                                                                                                                                                                                                          MD5:7D5065ECBA284ED704040FCA1C821922
                                                                                                                                                                                                                          SHA1:095FCC890154A52AD1998B4B1E318F99B3E5D6B8
                                                                                                                                                                                                                          SHA-256:A10C3D236246E001CB9D434A65FC3E8AA7ACDDDDD9608008DB5C5C73DEE0BA1F
                                                                                                                                                                                                                          SHA-512:521B2266E3257ADAA775014F77B0D512FF91B087C2572359D68FFE633B57A423227E3D5AF8EE4494538F1D09AA45FFA1FE8E979814178512C37F7088DDD7995D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:............f.......P'....$*.....-...43@...4.H...4XK...4i]...4.f...4.m...4?p...4.v...4.x...4.z...4.~...4....4.....4?....4.....4....4.....4=....4z....4a....4....4....4.....4.....4.....43....4.....4.....4J....4J....4.....4.....4#....4j....4J....5.....5....v5.:..w5.;..x5.<..y5.>..z5a?...5.?...5.D...5.E...5dJ...5.O...5.V...5.f...5.w...5.x...5.|..n<&...x<....y<....z<....{<....|<....<+....<r....<8....</....<....V@....W@....X@x...Y@d...Z@....[@2...\@O...]@....^@...._@hh..`@....<A....=A.....P.~...Pe....PX....P.....P.....Pt....P.....P3....Q.....QF....Q.....Q.....Q.....Q[....QA....Q.....Q.....QW....Q.....Qv....Q9!...Q.'...QF....Q.1..,Q.F..-QsL...QLN../Q.P..0Q.U..1Q.i..2Q.j..3Q.k..4QEm..5Q.o..6Q.r..7Q~t..8QEw..9Q!x..:Q.z..;Ql...<Q)...=Q....>Q ...?Q"....R....Ry....}.....}. ...}._...}%a...}[h...}.h...}[j...}Lo...}....}.&...}.....}.6...}4;...}.=...}&B...}mG...~.O...~.d...~.q...~.t...~.|...~.}..!~...."~....#~...$~|...&~....'~A...(~....)~....*~t$..+~.4..,~.6..-~V8...~.;../~i<..0~|=..1~iA..2~.H

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\resources\app.asar

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):46967871
                                                                                                                                                                                                                          Entropy (8bit):6.222181991243183
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:786432:g/WycIAfu7iBAZKRP4QDM0WyFzANtP6ChuVc:4aIsaMzANtP6ChuVc
                                                                                                                                                                                                                          MD5:47CF1F17D6E55A7CCC07DCB137978CA2
                                                                                                                                                                                                                          SHA1:5584A6549BB0530631C94410F4F1D2FDAA654450
                                                                                                                                                                                                                          SHA-256:B1DEA4DF87B3F28976560A250AEF99C27D182C08F61A4CF0F41BF08B5ED2B06A
                                                                                                                                                                                                                          SHA-512:204B95EAEB0673CF6227DE3D82235B7AF945E12893E5F19B2A371A8AF9C0BC51E12523D593EDC6366EBEE86A07A58239B7911E9B752A014E72E344F01DE91A89
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:....0...,...%...{"files":{"app.js":{"size":303138,"integrity":{"algorithm":"SHA256","hash":"1b7533bdae3a71efe05ebdd714872d68011cf00b3394b276a4066b37ead0f2af","blockSize":4194304,"blocks":["1b7533bdae3a71efe05ebdd714872d68011cf00b3394b276a4066b37ead0f2af"]},"offset":"0"},"package.json":{"size":340,"integrity":{"algorithm":"SHA256","hash":"4260a367feb4142360931163973e55f7bd6e2c7a56610d7406c56b0a88454de2","blockSize":4194304,"blocks":["4260a367feb4142360931163973e55f7bd6e2c7a56610d7406c56b0a88454de2"]},"offset":"303138"},"node_modules":{"files":{"agent-base":{"files":{"package.json":{"size":1198,"integrity":{"algorithm":"SHA256","hash":"1c22afa50ae7fedb6d51d34394cccb31fc4ed27163271d3060355b044a5b5777","blockSize":4194304,"blocks":["1c22afa50ae7fedb6d51d34394cccb31fc4ed27163271d3060355b044a5b5777"]},"offset":"1917493"},"src":{"files":{"index.ts":{"size":9018,"integrity":{"algorithm":"SHA256","hash":"63b9c52366354393361bbbd40158a3051d39a6e2db4ce564418e01e4ecd1bc64","blockSize":4194304,"bloc

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\resources\elevate.exe

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):107520
                                                                                                                                                                                                                          Entropy (8bit):6.442687067441468
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
                                                                                                                                                                                                                          MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                                                                                                                                          SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                                                                                                                                          SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                                                                                                                                          SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B..O..............h.......j.q.....k.....e......e......e.......zR........._...h......h.f.............h......Rich....................PE..L......W............................l........0....@.......................................@....................................P.......x.......................T.......p...............................@............0..$............................text............................... ..`.rdata...k...0...l..................@..@.data...............................@....gfids..............................@..@.rsrc...x...........................@..@.reloc..T...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\snapshot_blob.bin

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):220112
                                                                                                                                                                                                                          Entropy (8bit):3.855980291560132
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:PCwB4XM5LZsfo0p7SnaCCz3wqTYLmN6hdSajAvDGc/dH4WBlkwHvwi0UQn1nWIa3:KwNsf5PBt
                                                                                                                                                                                                                          MD5:916127734BC7C5B0DB478191A37FC19A
                                                                                                                                                                                                                          SHA1:F9D868C2578F14513FCB95E109AEC795C98DBBA3
                                                                                                                                                                                                                          SHA-256:E19ED7FB96E19BB5BFE791DF03561D654EA5D52021C3403A2652F439A8D77801
                                                                                                                                                                                                                          SHA-512:D291B26568572D5777B036577DDF30C1B6C6C41E9D53EF2D8AF735DB001EA5C568371F3907FBFFC02FEEE628F0F29AFB718AE5DEB32FF245A37947A7B1B9C297
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:..........j)11.2.214.9-electron.0...........................................D......L...........`....`....`....`b...`....`..........Y.D......`$.........D......`$.......D......`$.......m.D......`$.........D......`D.........D......`$.......1.D......`$.......D......`$.......D......`$.........D......`$.......D......`$......ID......`$.......D......`$.......D......`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\v8_context_snapshot.bin

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):523336
                                                                                                                                                                                                                          Entropy (8bit):5.1733870178138
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:51ZU4IFZ/X+KBIViMMg8zYOK8B4UnK83ItBaUHK:nZaZ/OiY2BnrUAF
                                                                                                                                                                                                                          MD5:4F4D00247758C684C295243DDEDD2948
                                                                                                                                                                                                                          SHA1:F8E8FC6C22FDE9DF1D60C329E38B38A85F96BB69
                                                                                                                                                                                                                          SHA-256:4EA84C4465EEA20B46E6DED30F711F1E0D61E15574D861B0210819ABD5E895E5
                                                                                                                                                                                                                          SHA-512:2C335672979114BD68FF6F1B1B94235FBF072FE8642CAD1F7D61855B92741F0633FA0CCB77CD520BE560DB2D3AC75F9BE08E22806487BF5D3045781E3903AD45
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:........r4u.11.2.214.9-electron.0................................................C..`...l...............`....`....`T...`b...`....`..........Y.D......`$.........D......`$.......D......`$.......m.D......`$.........D......`D.........D......`$.......1.D......`$.......D......`$.......D......`$.........D......`$.......D......`$......ID......`$.......D......`$.......D......`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\vk_swiftshader.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4691456
                                                                                                                                                                                                                          Entropy (8bit):6.674054781171017
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:98304:x2GmsucG1vUTM3SFhCrHglx7LQDCwchuW6ugI:cuuF4XhCGLQDCaI
                                                                                                                                                                                                                          MD5:65A5705D95A0820740B3396851FF1751
                                                                                                                                                                                                                          SHA1:A692A80BAFC41BA1B29EF19890F8465B3FB20DCB
                                                                                                                                                                                                                          SHA-256:4C4B935CBB320033F504A89B1EB0A4BCB176BBD46A5981153CB1F54DEB146A1C
                                                                                                                                                                                                                          SHA-512:0C5DF23B96EAF952C4A498FF6D854DF2B62E7631B16C2855ED37DDBADFFBA3DD52E7450F2E06CF094BEC2E0D70D14C87A652150766D90EC8662E03123DF5942D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!.....N9..D.......4.......................................H...........@A.........................C.~...f.C.P....pF.......................F..6...:C.....................0:C......`9..............C..............................text....L9......N9................. ..`.rdata......`9......R9.............@..@.data...8T....C..z....C.............@....00cfg.......PF......TE.............@..@.tls....1....`F......VE.............@....rsrc........pF......XE.............@..@.reloc...6....F..8...^E.............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\vk_swiftshader_icd.json

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):106
                                                                                                                                                                                                                          Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                          MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                          SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                          SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                          SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\7z-out\vulkan-1.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):804864
                                                                                                                                                                                                                          Entropy (8bit):6.7728821881501
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24576:cJObHhG7TEnCGlrpZpjL4TB46Z5WODYsHh6g3P0zAk722:c0c7TECgpZpju46Z5WODYsHh6g3P0zA+
                                                                                                                                                                                                                          MD5:A947C5D8FEC95A0F24B4143CED301209
                                                                                                                                                                                                                          SHA1:EBF3089985377A58B8431A14E22A814857287AAF
                                                                                                                                                                                                                          SHA-256:29CB256921A1B0F222C82650469D534CCDF038D1F395B3AAA9F1086918F5D3FA
                                                                                                                                                                                                                          SHA-512:75F5E055F4422B5558FC1CB3EA84FB7CBEAAE6F71C786CC06C295D4AB51C0B1C84E28A7C89FE544F007DBE8E612BED4059139F1575934FE4BAC8E538C674EBD3
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!.....H...........8....................................................@A........................._..<!..L...P.... .......................0.......=.......................<.......`..............x................................text....F.......H.................. ..`.rdata..<U...`...V...L..............@..@.data...`5..........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\SpiderBanner.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):9216
                                                                                                                                                                                                                          Entropy (8bit):5.5347224014600345
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
                                                                                                                                                                                                                          MD5:17309E33B596BA3A5693B4D3E85CF8D7
                                                                                                                                                                                                                          SHA1:7D361836CF53DF42021C7F2B148AEC9458818C01
                                                                                                                                                                                                                          SHA-256:996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
                                                                                                                                                                                                                          SHA-512:1ABAC3CE4F2D5E4A635162E16CF9125E059BA1539F70086C2D71CD00D41A6E2A54D468E6F37792E55A822D7082FB388B8DFECC79B59226BBB047B7D28D44D298
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N.../../../..Wy./../../....../..Wi./..Wx./..W~./..W{./..Rich./..................PE..L...T{mW...........!................p!.......0...............................p............@..........................5..o...l1..P....P.......................`.......................................................0...............................text............................... ..`.rdata.......0......................@..@.data........@......................@....rsrc........P......................@..@.reloc..d....`....... ..............@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\StdUtils.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):102400
                                                                                                                                                                                                                          Entropy (8bit):6.729923587623207
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
                                                                                                                                                                                                                          MD5:C6A6E03F77C313B267498515488C5740
                                                                                                                                                                                                                          SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                                                                                                                                          SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                                                                                                                                          SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q....C...C...C...C...C...C...C...C...C...C...C...C...C.[.C...C.[.C...C.[.C...C.[.C...CRich...C........................PE..L...I..[...........!.....*...b...............@.......................................+....@..........................}..d....t..........X............................................................................@...............................text....).......*.................. ..`.rdata..TC...@...D..................@..@.data...l............r..............@....rsrc...X............x..............@..@.reloc..j............~..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\System.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                                                          Entropy (8bit):5.719859767584478
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
                                                                                                                                                                                                                          MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                                                                                                                          SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                                                                                                                          SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                                                                                                                          SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L....~.\...........!....."...........).......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\app-32.7z

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):77543897
                                                                                                                                                                                                                          Entropy (8bit):7.999994854323907
                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                          SSDEEP:1572864:e6LBYCN9I9oap0lwmwBYQi2Jrydy/UgJnsI0SNcucgzxTMWIymNxe:VuS27WqBR3rEy/TJnsqN0QMWgW
                                                                                                                                                                                                                          MD5:A654004DFF31A3BEAEEDBDF4960B412F
                                                                                                                                                                                                                          SHA1:2F731E9EF3FED7E900A2257C1D83D7D77F4111D9
                                                                                                                                                                                                                          SHA-256:0136D087E4FDF1EF2C0EF9587283222DF4A89C874AD42675A6260935CAB9FA42
                                                                                                                                                                                                                          SHA-512:7330FA59B1B66E46586C784769D3AFE091E4625719B29603CF2D1B2FBEA4509FC3152E14BE5F2702FD4DC96AEFF79E06375D4DA79D278DE81B2A0E976D72C77B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:7z..'...n..$.9......%..........A..R..]...6...#k.![y.`.Gr#.f..F......./.t..C..8.^..k .....@..........ih..w*.`.c...I...;.R.A`../_.Q:..yn........6...a {.f_.....>..`..Nu.....q/..H...hsIhA.5..... .9.[...L./.(.^.+Vz@.Dt7OZI.z.N...~;].rW..k......s...^<i ...w.`3.}............T.Z.v.m..W8..m...........k..8..w+.8..9N.C......._; ..u.J........i43.d.......`....r."O.E...'.{h....'....$.M.$..Y....&.+.r|T....aF.T.9...&..sh....I..;.qP.Y..........V..^..P.:...D.."..@Cw...%8.h.5....6V/0..]....%7.Z.P..w..J..].....M..^......+..BMZ..&..}.6l..hT..t).?2....1...F..H..+...0.s.}.S.-x;...f.b}....8.R.@.....r.....Ib......$(/^XdI..46G..Q....`......h..H.U......p..[.Sa-Q@G.......h!....Z....2$.^.IqZ...~~CUB..#.nAp5.k..K....O".G.(......N...>`.k.....;.~A.X.e.mzUq.L...o..PH..WxfRH..z..dT!."d.W.4...Tx... ..Y<..1.P.#.W..Z7.f.z.R...u6.......C.+?.....p.d........".<.../h.Y..`u<m.y.u.Lh.Fz...#...F).,..G.~..'..Mx.s:3..V..m..[%.B.V[...V.Id_.~i6..$...H.ywyg.D.lA.`.H..+..X..@H....

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\nsExec.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):6656
                                                                                                                                                                                                                          Entropy (8bit):5.155286976455086
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
                                                                                                                                                                                                                          MD5:EC0504E6B8A11D5AAD43B296BEEB84B2
                                                                                                                                                                                                                          SHA1:91B5CE085130C8C7194D66B2439EC9E1C206497C
                                                                                                                                                                                                                          SHA-256:5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962
                                                                                                                                                                                                                          SHA-512:3F918F1B47E8A919CBE51EB17DC30ACC8CFC18E743A1BAE5B787D0DB7D26038DC1210BE98BF5BA3BE8D6ED896DBBD7AC3D13E66454A98B2A38C7E69DAD30BB57
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,..................Rich...........PE..L....~.\...........!......................... ...............................P............@..........................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..L.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\nsmA70F.tmp\nsis7z.dll

                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):434176
                                                                                                                                                                                                                          Entropy (8bit):6.584811966667578
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
                                                                                                                                                                                                                          MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                                                                                                                          SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                                                                                                                          SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                                                                                                                          SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.6a..X2..X2..X2m.[3..X2m.]3..X2Z.]3+.X2Z.\3..X2Z.[3..X2m.\3..X2m.Y3..X2..Y2..X2..\3#.X2..]3..X2..X3..X2...2..X2...2..X2..Z3..X2Rich..X2........PE..L.....\...........!......................... ...............................@............@..........................6.......7..d................................E.....................................@............ ...............................text............................... ..`.rdata..8"... ...$..................@..@.data........P... ...6..............@....rsrc................V..............@..@.reloc...E.......F...Z..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                          Static File Info

                                                                                                                                                                                                                          General

                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                          Entropy (8bit):7.99997902642352
                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                          File name:nsis-installer.exe
                                                                                                                                                                                                                          File size:78'057'262 bytes
                                                                                                                                                                                                                          MD5:85aea19a596f59d0dbf368f99be6a139
                                                                                                                                                                                                                          SHA1:9fd84c0780b6555cdeed499b30e5d67071998fbc
                                                                                                                                                                                                                          SHA256:7a95214e7077d7324c0e8dc7d20f2a4e625bc0ac7e14b1446e37c47dff7eeb5b
                                                                                                                                                                                                                          SHA512:7de04cce49edfe48555b68d0a9935292b8e8a494af62dd6da9c92c022697d579b6d81685a91594e8402266b2ad73939e78a761110f9c39b20544308591db0f06
                                                                                                                                                                                                                          SSDEEP:1572864:fb6LBYCN9I9oap0lwmwBYQi2Jrydy/UgJnsI0SNcucgzxTMWIymNx:fiuS27WqBR3rEy/TJnsqN0QMWg
                                                                                                                                                                                                                          TLSH:830833DC5FD0BD82E4EC7BB85E1F7AABFB22A04C5CC06D56216856C26C12C531E1F52A
                                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.

                                                                                                                                                                                                                          File Icon

                                                                                                                                                                                                                          Icon Hash:0771ccf8d84d2907

                                                                                                                                                                                                                          Static PE Info

                                                                                                                                                                                                                          General

                                                                                                                                                                                                                          Entrypoint:0x40338f
                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                          Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                          File Version Major:4
                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                          Import Hash:b34f154ec913d2d2c435cbd644e91687

                                                                                                                                                                                                                          Authenticode Signature

                                                                                                                                                                                                                          Signature Valid:false
                                                                                                                                                                                                                          Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                          Error Number:-2146869232
                                                                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                                                                          • 12/05/2022 22:45:59 11/05/2023 22:45:59
                                                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                                                          • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                                                          Version:3
                                                                                                                                                                                                                          Thumbprint MD5:EAF99B1CDFF361CB066EC1CDB5FD68ED
                                                                                                                                                                                                                          Thumbprint SHA-1:F372C27F6E052A6BE8BAB3112B465C692196CD6F
                                                                                                                                                                                                                          Thumbprint SHA-256:6DFB94C073BA075667FCC19AB327AE679D84F2A2BCF76CC21ABFC9B93FEE61A5
                                                                                                                                                                                                                          Serial:33000002CBB77539FB027142360000000002CB
                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                          sub esp, 000002D4h
                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                          push 00000020h
                                                                                                                                                                                                                          pop edi
                                                                                                                                                                                                                          xor ebx, ebx
                                                                                                                                                                                                                          push 00008001h
                                                                                                                                                                                                                          mov dword ptr [esp+14h], ebx
                                                                                                                                                                                                                          mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                                                                          mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                          call dword ptr [004080A8h]
                                                                                                                                                                                                                          call dword ptr [004080A4h]
                                                                                                                                                                                                                          and eax, BFFFFFFFh
                                                                                                                                                                                                                          cmp ax, 00000006h
                                                                                                                                                                                                                          mov dword ptr [0047AEECh], eax
                                                                                                                                                                                                                          je 00007FF9ECC66A33h
                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                          call 00007FF9ECC69CE5h
                                                                                                                                                                                                                          cmp eax, ebx
                                                                                                                                                                                                                          je 00007FF9ECC66A29h
                                                                                                                                                                                                                          push 00000C00h
                                                                                                                                                                                                                          call eax
                                                                                                                                                                                                                          mov esi, 004082B0h
                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                          call 00007FF9ECC69C5Fh
                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                          call dword ptr [00408150h]
                                                                                                                                                                                                                          lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                                                                          cmp byte ptr [esi], 00000000h
                                                                                                                                                                                                                          jne 00007FF9ECC66A0Ch
                                                                                                                                                                                                                          push 0000000Ah
                                                                                                                                                                                                                          call 00007FF9ECC69CB8h
                                                                                                                                                                                                                          push 00000008h
                                                                                                                                                                                                                          call 00007FF9ECC69CB1h
                                                                                                                                                                                                                          push 00000006h
                                                                                                                                                                                                                          mov dword ptr [0047AEE4h], eax
                                                                                                                                                                                                                          call 00007FF9ECC69CA5h
                                                                                                                                                                                                                          cmp eax, ebx
                                                                                                                                                                                                                          je 00007FF9ECC66A31h
                                                                                                                                                                                                                          push 0000001Eh
                                                                                                                                                                                                                          call eax
                                                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                                                          je 00007FF9ECC66A29h
                                                                                                                                                                                                                          or byte ptr [0047AEEFh], 00000040h
                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                          call dword ptr [00408044h]
                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                          call dword ptr [004082A0h]
                                                                                                                                                                                                                          mov dword ptr [0047AFB8h], eax
                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                          lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                          push 000002B4h
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                          push 00440208h
                                                                                                                                                                                                                          call dword ptr [00408188h]
                                                                                                                                                                                                                          push 0040A2C8h
                                                                                                                                                                                                                          Programming Language:
                                                                                                                                                                                                                          • [EXP] VC++ 6.0 SP5 build 8804
                                                                                                                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x86100xa0.rdata
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x19b0000x59b0.rsrc
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x4a6e7760x27b8
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                          Sections

                                                                                                                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                          .text0x10000x66270x68007618d4c0cd8bb67ea9595b4266b3a91fFalse0.6646259014423077data6.450282348506287IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                          .rdata0x80000x14a20x1600eecac1fed9cc6b447d50940d178404d8False0.4405184659090909data5.025178929113415IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                          .data0xa0000x70ff80x600db8f31a08a2242d80c29e1f9500c6527False0.5182291666666666data4.037117731448378IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                          .ndata0x7b0000x1200000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                          .rsrc0x19b0000x59b00x5a00f35e9af7cf9178f3d473364270608254False0.4953559027777778data5.460148092136221IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                          RT_ICON0x19b5c80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.7213883677298312
                                                                                                                                                                                                                          RT_ICON0x19c6700xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2688, 256 important colorsEnglishUnited States0.6751066098081023
                                                                                                                                                                                                                          RT_ICON0x19d5180x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colorsEnglishUnited States0.7851985559566786
                                                                                                                                                                                                                          RT_ICON0x19ddc00x568Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colorsEnglishUnited States0.6560693641618497
                                                                                                                                                                                                                          RT_ICON0x19e3280x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.8031914893617021
                                                                                                                                                                                                                          RT_ICON0x19e7900x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States0.3118279569892473
                                                                                                                                                                                                                          RT_ICON0x19ea780x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.36824324324324326
                                                                                                                                                                                                                          RT_DIALOG0x19eba00x202dataEnglishUnited States0.4085603112840467
                                                                                                                                                                                                                          RT_DIALOG0x19eda80xf8dataEnglishUnited States0.6290322580645161
                                                                                                                                                                                                                          RT_DIALOG0x19eea00xeedataEnglishUnited States0.6260504201680672
                                                                                                                                                                                                                          RT_DIALOG0x19ef900x1fadataEnglishUnited States0.40118577075098816
                                                                                                                                                                                                                          RT_DIALOG0x19f1900xf0dataEnglishUnited States0.6666666666666666
                                                                                                                                                                                                                          RT_DIALOG0x19f2800xe6dataEnglishUnited States0.6565217391304348
                                                                                                                                                                                                                          RT_DIALOG0x19f3680x1eedataEnglishUnited States0.38866396761133604
                                                                                                                                                                                                                          RT_DIALOG0x19f5580xe4dataEnglishUnited States0.6447368421052632
                                                                                                                                                                                                                          RT_DIALOG0x19f6400xdadataEnglishUnited States0.6422018348623854
                                                                                                                                                                                                                          RT_DIALOG0x19f7200x1eedataEnglishUnited States0.3866396761133603
                                                                                                                                                                                                                          RT_DIALOG0x19f9100xe4dataEnglishUnited States0.6359649122807017
                                                                                                                                                                                                                          RT_DIALOG0x19f9f80xdadataEnglishUnited States0.6376146788990825
                                                                                                                                                                                                                          RT_DIALOG0x19fad80x1f2dataEnglishUnited States0.39759036144578314
                                                                                                                                                                                                                          RT_DIALOG0x19fcd00xe8dataEnglishUnited States0.6508620689655172
                                                                                                                                                                                                                          RT_DIALOG0x19fdb80xdedataEnglishUnited States0.6486486486486487
                                                                                                                                                                                                                          RT_DIALOG0x19fe980x202dataEnglishUnited States0.42217898832684825
                                                                                                                                                                                                                          RT_DIALOG0x1a00a00xf8dataEnglishUnited States0.6653225806451613
                                                                                                                                                                                                                          RT_DIALOG0x1a01980xeedataEnglishUnited States0.6512605042016807
                                                                                                                                                                                                                          RT_GROUP_ICON0x1a02880x68dataEnglishUnited States0.6634615384615384
                                                                                                                                                                                                                          RT_VERSION0x1a02f00x294OpenPGP Secret KeyEnglishUnited States0.43787878787878787
                                                                                                                                                                                                                          RT_MANIFEST0x1a05880x423XML 1.0 document, ASCII text, with very long lines (1059), with no line terminatorsEnglishUnited States0.5127478753541076
                                                                                                                                                                                                                          DLLImport
                                                                                                                                                                                                                          KERNEL32.dllSetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                                                                                                                                                                                                                          USER32.dllGetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
                                                                                                                                                                                                                          GDI32.dllSelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                                                                                                                                                                                          SHELL32.dllSHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
                                                                                                                                                                                                                          ADVAPI32.dllAdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                                                                                                                                                                                                          COMCTL32.dllImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                                                                                                                                                                                                          ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                                                                                                                                                                                                          DescriptionData
                                                                                                                                                                                                                          CompanyNameSerenityTherapyInstaller Inc
                                                                                                                                                                                                                          FileDescription
                                                                                                                                                                                                                          FileVersion1.0.0
                                                                                                                                                                                                                          LegalCopyrightCopyright 2024 SerenityTherapyInstaller Inc
                                                                                                                                                                                                                          ProductNameSerenityTherapyInstaller
                                                                                                                                                                                                                          ProductVersion1.0.0
                                                                                                                                                                                                                          Translation0x0409 0x04e4

                                                                                                                                                                                                                          Possible Origin

                                                                                                                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                          EnglishUnited States

                                                                                                                                                                                                                          Network Behavior

                                                                                                                                                                                                                          Download Network PCAP: filteredfull

                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                          Feb 3, 2025 19:05:28.835474014 CET6338553192.168.2.161.1.1.1
                                                                                                                                                                                                                          Feb 3, 2025 19:05:28.842534065 CET53633851.1.1.1192.168.2.16

                                                                                                                                                                                                                          DNS Queries

                                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                          Feb 3, 2025 19:05:28.835474014 CET192.168.2.161.1.1.10x34a8Standard query (0)ipinfo.ioA (IP address)IN (0x0001)false

                                                                                                                                                                                                                          DNS Answers

                                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                          Feb 3, 2025 19:05:28.842534065 CET1.1.1.1192.168.2.160x34a8No error (0)ipinfo.io34.117.59.81A (IP address)IN (0x0001)false

                                                                                                                                                                                                                          Statistics

                                                                                                                                                                                                                          CPU Usage

                                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                                          Memory Usage

                                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                                          High Level Behavior Distribution

                                                                                                                                                                                                                          • File
                                                                                                                                                                                                                          • Registry

                                                                                                                                                                                                                          Click to dive into process behavior distribution

                                                                                                                                                                                                                          Behavior

                                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                                          System Behavior

                                                                                                                                                                                                                          General

                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                          Start time:13:02:51
                                                                                                                                                                                                                          Start date:03/02/2025
                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\nsis-installer.exe"
                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                          File size:78'057'262 bytes
                                                                                                                                                                                                                          MD5 hash:85AEA19A596F59D0DBF368F99BE6A139
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:true
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          File Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Section Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Registry Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Mutex Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Process Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Thread Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Memory Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          System Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Windows UI Activities

                                                                                                                                                                                                                          Process Token Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                                                                                                          General

                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                          Start time:13:02:51
                                                                                                                                                                                                                          Start date:03/02/2025
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv | %SYSTEMROOT%\System32\find.exe "SerenityTherapyInstaller.exe"
                                                                                                                                                                                                                          Imagebase:0xf20000
                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                          Has exited:true
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          File Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Section Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Process Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Memory Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                                                                                                          General

                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                          Start time:13:02:51
                                                                                                                                                                                                                          Start date:03/02/2025
                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                          Imagebase:0x7ff6684c0000
                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                          Has exited:true
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          File Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Section Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Mutex Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Thread Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Memory Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Windows UI Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                                                                                                          General

                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                          Start time:13:02:52
                                                                                                                                                                                                                          Start date:03/02/2025
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv
                                                                                                                                                                                                                          Imagebase:0x690000
                                                                                                                                                                                                                          File size:79'360 bytes
                                                                                                                                                                                                                          MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                          Has exited:true
                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Section Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          COM Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Thread Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                                                                                                          Process Token Activities


                                                                                                                                                                                                                          General

                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                          Start time:13:02:52
                                                                                                                                                                                                                          Start date:03/02/2025
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\find.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:C:\Windows\System32\find.exe "SerenityTherapyInstaller.exe"
                                                                                                                                                                                                                          Imagebase:0x990000
                                                                                                                                                                                                                          File size:14'848 bytes
                                                                                                                                                                                                                          MD5 hash:15B158BC998EEF74CFDD27C44978AEA0
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                                          Has exited:true
                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Section Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Memory Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                                                                                                          General

                                                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                                                          Start time:13:03:17
                                                                                                                                                                                                                          Start date:03/02/2025
                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe"
                                                                                                                                                                                                                          Imagebase:0xf20000
                                                                                                                                                                                                                          File size:138'321'408 bytes
                                                                                                                                                                                                                          MD5 hash:D05989CE9BE7EA67632845FA837299C9
                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                          • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:false
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          File Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Section Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Registry Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Process Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Thread Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Memory Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          System Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Windows UI Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                                                                                                          General

                                                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                                                          Start time:13:03:39
                                                                                                                                                                                                                          Start date:03/02/2025
                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe"
                                                                                                                                                                                                                          Imagebase:0xf20000
                                                                                                                                                                                                                          File size:138'321'408 bytes
                                                                                                                                                                                                                          MD5 hash:D05989CE9BE7EA67632845FA837299C9
                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:false
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          File Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Section Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Registry Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Process Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Thread Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Memory Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          System Activities

                                                                                                                                                                                                                          Show Windows behavior

                                                                                                                                                                                                                          Windows UI Activities

                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                                                                                                                                                          There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                                                                                                                                                                                                                          Disassembly

                                                                                                                                                                                                                          No disassembly